{
  "threat_severity" : "Important",
  "public_date" : "2019-07-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c",
    "id" : "1738705",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1738705"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.", "A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the system’s block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-16T00:00:00Z",
    "advisory" : "RHSA-2019:3089",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1062.4.1.rt56.1027.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-16T00:00:00Z",
    "advisory" : "RHSA-2019:3055",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1062.4.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-16T00:00:00Z",
    "advisory" : "RHSA-2019:3076",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-29T00:00:00Z",
    "advisory" : "RHSA-2019:3217",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.14.1.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-01-14T00:00:00Z",
    "advisory" : "RHSA-2020:0103",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.62.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-01-14T00:00:00Z",
    "advisory" : "RHSA-2020:0103",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "kernel-0:3.10.0-693.62.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-01-14T00:00:00Z",
    "advisory" : "RHSA-2020:0103",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "kernel-0:3.10.0-693.62.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2020-02-19T00:00:00Z",
    "advisory" : "RHSA-2020:0543",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "kernel-0:3.10.0-862.48.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-03-03T00:00:00Z",
    "advisory" : "RHSA-2020:0664",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kernel-0:3.10.0-957.46.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-03-03T00:00:00Z",
    "advisory" : "RHSA-2020:0698",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2020-01-14T00:00:00Z",
    "advisory" : "RHSA-2020:0100",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.62.1.rt56.659.el6rt"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-03-03T00:00:00Z",
    "advisory" : "RHSA-2020:0664",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "kernel-0:3.10.0-957.46.1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-20856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20856" ],
  "name" : "CVE-2018-20856",
  "csaw" : false
}