An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2018-20856 User=admin}