An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
Loading...
Loading...
Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2022-05-24. NVD baseline CVSS 7.8; sources differ by 0.0.
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
July 26, 2019
November 21, 2024
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | linux-image-virtual-hwe-16.04 (4.15.0.58.79) @ xenial | 2026-05-23 | ubuntu |
| ubuntu | linux-image-aws-hwe (4.15.0.1047.47) @ xenial | 2026-05-23 | ubuntu |
| ubuntu | linux-image-virtual-lts-xenial (4.4.0.161.169) @ xenial | 2026-05-23 | ubuntu |
| redhat | kpatch-patch | 2020-03-03 | redhat |
| redhat | kernel-0:3.10.0-957.46.1.el7 | 2020-03-03 | redhat |
| redhat | kernel-0:3.10.0-862.48.1.el7 | 2020-02-19 | redhat |
| redhat | kernel-0:3.10.0-693.62.1.el7 | 2020-01-14 | redhat |
| redhat | kernel-rt-1:3.10.0-693.62.1.rt56.659.el6rt | 2020-01-14 | redhat |
| redhat | kernel-alt-0:4.14.0-115.14.1.el7a | 2019-10-29 | redhat |
| redhat | kernel-rt-0:3.10.0-1062.4.1.rt56.1027.el7 | 2019-10-16 | redhat |
| redhat | kernel-0:3.10.0-1062.4.1.el7 | 2019-10-16 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
RHSA-2019:3055 — Important
RHSA-2019:3076 — Important
RHSA-2019:3089 — Important
RHSA-2019:3217 — Important
RHSA-2020:0100 — Important
RHSA-2020:0103 — Important
RHSA-2020:0543 — Important
RHSA-2020:0664 — Important
RHSA-2020:0698 — Important
Linux kernel vulnerabilities
Linux kernel vulnerabilities
Linux kernel (AWS) vulnerabilities
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2018-20856
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
redhat
CWE-416