Missing Release of Resource after Effective Lifetime The advisory has been revoked - it doesn't affect any version of package kernel-debug  (opens in a new tab)


Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-KERNELDEBUG-8303607
  • published24 Oct 2024
  • disclosed8 Mar 2018

Introduced: 8 Mar 2018

CVE-2018-10021  (opens in a new tab)
CWE-772  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-debug package and not the kernel-debug package as distributed by RHEL.

drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables