Novell · Zenworks Configuration Management · CVE-2018-20856
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 4.18.7
ZENworks Configuration Management (ZCM) version 10.3 and versions 11.2 prior to 11.2.4
**Description**
Two separate issues are covered here. The first is a Linux kernel issue: a use-after-free in the `__blk_drain_queue()` function in block/blk-core.c, caused by mishandling of a certain error case (CVE-2018-20856). Depending on how the freed memory is reused, the bug can corrupt kernel data, expose protected kernel memory, or crash the machine (denial of service). The second is a ZENworks Configuration Management (ZCM) server issue: the zenworks/jsp/index.jsp endpoint does not properly authenticate requests, which allows remote attackers to perform a directory traversal attack and load and execute arbitrary programs by sending a request to TCP port 443.
**Recommendations**
For Linux kernel versions prior to 4.18.7, update to version 4.18.7 or later to resolve the issue.
For ZENworks Configuration Management (ZCM) version 10.3, upgrade to a fixed release; 11.2.4 or later addresses the issue.
For ZENworks Configuration Management (ZCM) versions 11.2 prior to 11.2.4, update to version 11.2.4 or later.
There is no configuration-level workaround for the Linux kernel issue. `block/blk-core.c` is kernel source code, so restricting access to that file on disk has no effect on the running kernel; the only fix is to install the updated kernel (or the distribution's backported fix) and reboot. Note that distribution kernels frequently carry the fix under an older upstream version number, so check the vendor advisory or the package changelog for CVE-2018-20856 rather than relying on `uname -r` alone.
For the ZENworks Configuration Management (ZCM) issue, restrict network access to the ZCM server's TCP port 443 (and therefore to zenworks/jsp/index.jsp) to trusted management networks until the update is applied, and review the web server logs for traversal sequences in requests to that path.
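The following is an added example, not part of the original advisory or of Novell's or the kernel project's own tooling, showing how to screen hosts against the affected-version ranges stated above. It assumes the thresholds given on this page (kernel earlier than 4.18.7; ZCM 10.3.x and 11.2.x earlier than 11.2.4) and uses constructed sample version strings and a constructed package-changelog excerpt. The changelog check exists because a version comparison alone misclassifies distribution kernels that backport the fix.

```python
"""Affected-version screening for the two issues on this page.

Added example (not the advisory's own code). Thresholds are taken from the
page: Linux kernel < 4.18.7 (CVE-2018-20856); ZCM 10.3.x, and 11.2.x < 11.2.4.
All sample inputs below are constructed for illustration.
"""
import re
from typing import Tuple

CVE_ID = "CVE-2018-20856"


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the leading dotted numeric part of a version string as a tuple.

    '4.18.7-arch1-1'        -> (4, 18, 7)
    '3.10.0-957.el7.x86_64' -> (3, 10, 0)
    Distribution suffixes are ignored, which is exactly why the kernel check
    below is only a first screen and not a verdict.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def kernel_is_affected(uname_release: str) -> bool:
    """True when the upstream kernel version is below 4.18.7."""
    return parse_version(uname_release) < (4, 18, 7)


def kernel_status(uname_release: str, changelog: str = "") -> str:
    """Classify a host, using the package changelog to catch backports.

    `changelog` is the text of e.g. `rpm -q --changelog kernel` or the
    Debian changelog for the installed kernel package; pass "" if unknown.
    """
    if not kernel_is_affected(uname_release):
        return "fixed (upstream version >= 4.18.7)"
    if re.search(re.escape(CVE_ID), changelog, re.IGNORECASE):
        return "fixed (distribution backport)"
    return "affected or unknown: check vendor advisory"


def zcm_is_affected(version: str) -> bool:
    """True for ZCM 10.3.x and for 11.2.x earlier than 11.2.4."""
    v = parse_version(version)
    if v[:2] == (10, 3):
        return True
    if v[:2] == (11, 2):
        # (11, 2) < (11, 2, 4) is True, so a bare "11.2" is treated as affected.
        return v < (11, 2, 4)
    return False


# Constructed changelog excerpt: the kind of entry a distribution adds when it
# backports a fix without bumping the upstream version number.
SAMPLE_CHANGELOG = """\
* Tue Mar 05 2019 Example Maintainer <maint@example.invalid> - 3.10.0-957.10.1
- [block] fix use-after-free in __blk_drain_queue (CVE-2018-20856)
"""


if __name__ == "__main__":
    for release, log in [
        ("4.18.6", ""),
        ("4.18.7-arch1-1", ""),
        ("3.10.0-957.10.1.el7.x86_64", SAMPLE_CHANGELOG),
        ("3.10.0-862.el7.x86_64", ""),
    ]:
        print(f"kernel {release:32s} {kernel_status(release, log)}")
    for zcm in ["10.3", "10.3.4", "11.2", "11.2.3", "11.2.4", "11.3.0"]:
        print(f"ZCM {zcm:8s} affected={zcm_is_affected(zcm)}")
```

On a fleet, feed `kernel_status()` the output of `uname -r` together with the installed kernel package's changelog; treat "affected or unknown" as a prompt to consult the distribution's advisory, not as proof of exposure, since some vendors record backports outside the changelog.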