vulnerability
Oracle Linux: CVE-2020-9391: ELSA-2020-5691: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2020-02-25 | 2022-10-05 | 2025-01-23 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
2020-02-25
Added
2022-10-05
Modified
2025-01-23
Description
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
A heap corruption flaw was found in the Linux kernel on the AArch64 architecture. The top byte is ignored in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards. This has been observed to cause heap corruption within the GNU C Library malloc implementation. The highest threat from this vulnerability is to system availability.
A heap corruption flaw was found in the Linux kernel on the AArch64 architecture. The top byte is ignored in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards. This has been observed to cause heap corruption within the GNU C Library malloc implementation. The highest threat from this vulnerability is to system availability.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.