CVE-2018-20856
kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, por medio de una petición al puerto TCP 443.
A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-26 CVE Reserved
- 2019-07-26 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-416: Use After Free
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | X_refsource_misc |
|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/18 | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/26 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190905-0002 | X_refsource_confirm |
|
| https://support.f5.com/csp/article/K14673240?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:3055 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3076 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3089 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3217 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0100 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0103 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0543 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0664 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0698 | 2023-11-07 | |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7 | 2023-11-07 | |
| https://usn.ubuntu.com/4094-1 | 2023-11-07 | |
| https://usn.ubuntu.com/4116-1 | 2023-11-07 | |
| https://usn.ubuntu.com/4118-1 | 2023-11-07 | |
| https://www.debian.org/security/2019/dsa-4497 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-20856 | 2020-03-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1738705 | 2020-03-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.18.7 Search vendor "Linux" for product "Linux Kernel" and version " < 4.18.7" | - |
Affected
| ||||||