ACK: [PATCH 0/4][SRU][X] CVE-2019-3874 - SCTP Denial of Service
Stefan Bader
stefan.bader at canonical.com
Thu Apr 18 09:34:42 UTC 2019
On 18.04.19 09:50, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
>
> The SCTP socket buffer used by a userspace application is not accounted by
> the cgroups subsystem. An attacker can use this flaw to cause a denial of
> service attack. Kernel 3.10.x and 4.18.x branches are believed to be
> vulnerable.
>
> Non-trivial backporting effort. Build logs are clean. I've regression tested
> these changes by moving 1 GiB of data using SCTP over the loopback interface.
>
> Tyler
>
> Xin Long (4):
> sctp: fix the issue that a __u16 variable may overflow in
> sctp_ulpq_renege
> sctp: use sk_wmem_queued to check for writable space
> sctp: implement memory accounting on tx path
> sctp: implement memory accounting on rx path
>
> include/net/sctp/sctp.h | 2 +-
> net/sctp/sm_statefuns.c | 6 ++++--
> net/sctp/socket.c | 42 ++++++++++++++----------------------------
> net/sctp/ulpevent.c | 19 ++++++++-----------
> net/sctp/ulpqueue.c | 25 +++++++++----------------
> 5 files changed, 36 insertions(+), 58 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190418/1648a16b/attachment-0001.sig>
More information about the kernel-team
mailing list