CVE-2018-20856

high

Description

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

References

http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

https://access.redhat.com/errata/RHSA-2019:3055

https://access.redhat.com/errata/RHSA-2019:3076

https://access.redhat.com/errata/RHSA-2019:3089

https://access.redhat.com/errata/RHSA-2019:3217

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24

https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24

https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html

https://seclists.org/bugtraq/2019/Aug/18

https://seclists.org/bugtraq/2019/Aug/26

https://security.netapp.com/advisory/ntap-20190905-0002/

https://support.f5.com/csp/article/K14673240?utm_source=f5support&utm_medium=RSS

https://usn.ubuntu.com/4094-1/

https://usn.ubuntu.com/4116-1/

https://usn.ubuntu.com/4118-1/

https://www.debian.org/security/2019/dsa-4497

Details

Source: MITRE

Published: 2019-07-26

Updated: 2019-08-13

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
| 141207 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866) | Nessus | Oracle Linux Local Security Checks | critical |
| 134735 | EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269) | Nessus | Huawei Local Security Checks | critical |
| 134265 | RHEL 7 : kpatch-patch (RHSA-2020:0698) | Nessus | Red Hat Local Security Checks | high |
| 134262 | RHEL 7 : kernel (RHSA-2020:0664) | Nessus | Red Hat Local Security Checks | critical |
| 133786 | RHEL 7 : kernel (RHSA-2020:0543) | Nessus | Red Hat Local Security Checks | high |
| 133461 | Virtuozzo 7 : readykernel-patch (VZA-2019-081) | Nessus | Virtuozzo Local Security Checks | high |
| 132947 | RHEL 6 : kernel-rt (RHSA-2020:0100) | Nessus | Red Hat Local Security Checks | high |
| 132886 | RHEL 7 : kernel (RHSA-2020:0103) | Nessus | Red Hat Local Security Checks | high |
| 132495 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253) | Nessus | NewStart CGSL Local Security Checks | high |
| 132474 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247) | Nessus | NewStart CGSL Local Security Checks | high |
| 132007 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3261-1) | Nessus | SuSE Local Security Checks | high |
| 132006 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3260-1) | Nessus | SuSE Local Security Checks | high |
| 132005 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1) | Nessus | SuSE Local Security Checks | high |
| 132001 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3232-1) | Nessus | SuSE Local Security Checks | high |
| 131999 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1) | Nessus | SuSE Local Security Checks | high |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 131421 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222) | Nessus | NewStart CGSL Local Security Checks | high |
| 131411 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0221) | Nessus | NewStart CGSL Local Security Checks | high |
| 130373 | RHEL 7 : kernel-alt (RHSA-2019:3217) | Nessus | Red Hat Local Security Checks | high |
| 130128 | CentOS 7 : kernel (CESA-2019:3055) | Nessus | CentOS Local Security Checks | high |
| 130078 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20191016) | Nessus | Scientific Linux Local Security Checks | high |
| 130039 | Oracle Linux 7 : kernel (ELSA-2019-3055) | Nessus | Oracle Linux Local Security Checks | high |
| 129992 | RHEL 7 : kernel-rt (RHSA-2019:3089) | Nessus | Red Hat Local Security Checks | high |
| 129960 | RHEL 7 : kpatch-patch (RHSA-2019:3076) | Nessus | Red Hat Local Security Checks | high |
| 129958 | RHEL 7 : kernel (RHSA-2019:3055) | Nessus | Red Hat Local Security Checks | high |
| 129261 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2068) | Nessus | Huawei Local Security Checks | high |
| 128929 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926) | Nessus | Huawei Local Security Checks | critical |
| 128842 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919) | Nessus | Huawei Local Security Checks | high |
| 128725 | Photon OS 2.0: Linux PHSA-209-2.0-0175 | Nessus | PhotonOS Local Security Checks | critical |
| 128542 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1) | Nessus | SuSE Local Security Checks | high |
| 128478 | Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) | Nessus | Ubuntu Local Security Checks | critical |
| 128476 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128470 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1) | Nessus | SuSE Local Security Checks | high |
| 127921 | Debian DLA-1885-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
| 127889 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1) | Nessus | Ubuntu Local Security Checks | high |
| 127882 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01) | Nessus | Slackware Local Security Checks | high |
| 127867 | Debian DSA-4497-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 117923 | Amazon Linux AMI : kernel (ALAS-2018-1086) | Nessus | Amazon Linux Local Security Checks | high |