vulnerability
Oracle Linux: CVE-2020-9391: ELSA-2020-5691: Unbreakable Enterprise kernel security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Feb 25, 2020 | Oct 5, 2022 | Dec 3, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 25, 2020
Added
Oct 5, 2022
Modified
Dec 3, 2025
Description
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
A heap corruption flaw was found in the Linux kernel on the AArch64 architecture. The top byte is ignored in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards. This has been observed to cause heap corruption within the GNU C Library malloc implementation. The highest threat from this vulnerability is to system availability.
A heap corruption flaw was found in the Linux kernel on the AArch64 architecture. The top byte is ignored in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards. This has been observed to cause heap corruption within the GNU C Library malloc implementation. The highest threat from this vulnerability is to system availability.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.