Описание
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker can crash the system if they were able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2019:2736 | 12.09.2019 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2019:2043 | 07.08.2019 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2019:2029 | 06.08.2019 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2019:3217 | 29.10.2019 |
| Red Hat Enterprise Linux 7.5 Extended Update Support | kernel | Fixed | RHSA-2020:0036 | 07.01.2020 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | kernel | Fixed | RHSA-2019:2837 | 20.09.2019 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2019:1971 | 30.07.2019 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2019:1959 | 30.07.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
An issue was discovered in the Linux kernel before 5.0.7. A NULL point ...
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
ELSA-2019-2736: kernel security and bug fix update (IMPORTANT)
EPSS
6.2 Medium
CVSS3