Vulnerability CVE-2018-20856
Published: 2019-07-26

Description:
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

Type:

CWE-416

 (Use After Free)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Linux -> Linux kernel 

 References:
http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24
https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
https://seclists.org/bugtraq/2019/Aug/18
https://seclists.org/bugtraq/2019/Aug/26
https://usn.ubuntu.com/4094-1/
https://www.debian.org/security/2019/dsa-4497
Copyright 2024, cxsecurity.com

 

Back to Top