[PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free

Tyler Hicks tyhicks at canonical.com
Fri Feb 22 10:28:26 UTC 2019


https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html

 Secunia Research has discovered a vulnerability in Linux Kernel, which
 can be exploited by malicious, local users to potentially gain
 escalated privileges.

 A use-after-free error in the "sctp_sendmsg()" function
 (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
 to corrupt memory.

Clean cherry pick back to Cosmic (older releases are not affected).
Build logs are clean.

Tyler

Greg Kroah-Hartman (1):
  sctp: walk the list of asoc safely

 net/sctp/socket.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.4
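The pattern named in the patch title, as an added userspace illustration that is not part of the original message and is not the kernel patch itself: a walk over an association list whose loop body may free the current entry. The `struct asoc` layout, the function names and the `fail_id` failure condition are assumptions made for this example; the `for` loop has the same shape as the kernel's `list_for_each_entry_safe()` idiom.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy circular list; the endpoint `ep` is a sentinel node (hypothetical layout). */
struct asoc { int id; struct asoc *prev, *next; };

static void ep_init(struct asoc *ep) { ep->id = -1; ep->prev = ep->next = ep; }

static void asoc_add(struct asoc *ep, int id)
{
    struct asoc *a = malloc(sizeof(*a));
    if (!a) abort();
    a->id = id;
    a->prev = ep->prev; a->next = ep;
    ep->prev->next = a; ep->prev = a;
}

/* Loop body: a failed send tears the association down. Returns 1 if freed. */
static int send_one(struct asoc *a, int fail_id)
{
    if (a->id != fail_id) return 0;
    a->prev->next = a->next;
    a->next->prev = a->prev;
    free(a);
    return 1;
}

/* Unsafe form, shown only as a comment: the step reads a->next after
 * send_one() may have freed a.
 *     for (a = ep->next; a != ep; a = a->next) send_one(a, fail_id);
 * Safe form: cache the successor before the body runs. */
static int send_all_safe(struct asoc *ep, int fail_id)
{
    struct asoc *a, *tmp;
    int sent = 0;
    for (a = ep->next, tmp = a->next; a != ep; a = tmp, tmp = a->next)
        if (!send_one(a, fail_id)) sent++;
    return sent;
}

static int ep_count(const struct asoc *ep)
{
    int n = 0;
    for (const struct asoc *a = ep->next; a != ep; a = a->next) n++;
    return n;
}

int main(void)
{
    struct asoc ep;
    ep_init(&ep);
    for (int id = 1; id <= 3; id++) asoc_add(&ep, id);
    int sent = send_all_safe(&ep, 2);   /* constructed case: send to id 2 fails */
    printf("sent=%d left=%d\n", sent, ep_count(&ep));
    return 0;
}
```

The cached successor only protects against the body freeing the current entry; if the body could also free the next entry, the list needs additional locking or reference counting.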



