
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4510)

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4510 advisory.

- The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. (CVE-2018-1094)

- In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. (CVE-2018-19824)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

