[PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free

Tyler Hicks tyhicks at canonical.com
Fri Feb 22 11:16:47 UTC 2019


On 2019-02-22 10:40:50, Colin Ian King wrote:
> On 22/02/2019 10:28, Tyler Hicks wrote:
> > https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html
> 
> The URL seems to point to a non-existent page.

It is due to an unfortunate, but useful, race condition between myself
and the security team. The security team periodically monitors (sometimes
multiple times per day) for Ubuntu CVE Tracker changes proposed by the
kernel team, double checks them for accuracy, and merges them. Once they
merge my changes, the page at the above URL will be populated. It just
so happens that I got this particular kernel patch out the door before
they merged my Ubuntu CVE Tracker changes.

I'll paste in the top portion of the CVE file from my pending Ubuntu CVE
Tracker changes:

=====
Candidate: CVE-2019-8956
PublicDate: 2019-02-22
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8956
Description:
 Secunia Research has discovered a vulnerability in Linux Kernel, which
 can be exploited by malicious, local users to potentially gain
 escalated privileges.

 A use-after-free error in the "sctp_sendmsg()" function
 (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
 to corrupt memory.

 The vulnerability is confirmed in version 4.20.0-rc2 and reported
 in versions 4.20.x prior to 4.20.8 and 4.19.x prior to 4.19.21.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Jakub Jirasek
Assigned-to:

Patches_linux:
 break-fix: 4910280503f3af2857d5aa77e35b22d93a8960a8 ba59fb0273076637f0add4311faa990a5eec27c0
upstream_linux: released (5.0~rc6)
precise/esm_linux: not-affected (3.0.0-12.20)
trusty_linux: not-affected (3.11.0-12.19)
xenial_linux: not-affected (4.2.0-16.19)
bionic_linux: not-affected (4.13.0-16.19)
cosmic_linux: needed
devel_linux: needed
=====

Tyler

> 
> > 
> >  Secunia Research has discovered a vulnerability in Linux Kernel, which
> >  can be exploited by malicious, local users to potentially gain
> >  escalated privileges.
> > 
> >  A use-after-free error in the "sctp_sendmsg()" function
> >  (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
> >  to corrupt memory.
> > 
> > Clean cherry pick back to Cosmic (older releases are not affected).
> > Build logs are clean.
> > 
> > Tyler
> > 
> > Greg Kroah-Hartman (1):
> >   sctp: walk the list of asoc safely
> > 
> >  net/sctp/socket.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
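
The CVE file excerpt pasted in the message above can be read mechanically to see which releases still need the fix and which commits the break-fix line names. The following is an added example, not part of the original message and not the Ubuntu CVE Tracker's own tooling; the function names are hypothetical, and treating lowercase `<release>_<package>` keys as status lines is an assumption drawn from the excerpt.

```python
import re

# Constructed sample: abridged copy of the CVE file excerpt quoted in the message.
SAMPLE = """\
Candidate: CVE-2019-8956
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8956

Patches_linux:
 break-fix: 4910280503f3af2857d5aa77e35b22d93a8960a8 ba59fb0273076637f0add4311faa990a5eec27c0
upstream_linux: released (5.0~rc6)
xenial_linux: not-affected (4.2.0-16.19)
bionic_linux: not-affected (4.13.0-16.19)
cosmic_linux: needed
devel_linux: needed
"""

FIELD = re.compile(r"^([A-Za-z][\w/-]*):\s*(.*)$")
STATUS = re.compile(r"^(\S+)(?:\s+\((.*)\))?$")

def parse_cve_file(text):
    """Return (fields, statuses) parsed from tracker-style text."""
    fields, statuses, key = {}, {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            # Indented line: continuation of the previous field's value.
            fields[key] = (fields[key] + "\n" + line.strip()).strip()
            continue
        m = FIELD.match(line)
        if not m:
            key = None  # blank or unrecognised line ends the current field
            continue
        key, value = m.groups()
        fields[key] = value
        release, sep, package = key.rpartition("_")
        # Assumption: status keys look like "cosmic_linux"; "Patches_linux" is not one.
        s = STATUS.match(value) if sep and release[:1].islower() else None
        if s:
            statuses[(release, package)] = (s.group(1), s.group(2))
    return fields, statuses

def break_fix(fields, package):
    """Return the two commit ids on the break-fix line of Patches_<package>."""
    for entry in fields.get("Patches_" + package, "").splitlines():
        if entry.startswith("break-fix:"):
            return tuple(entry.split()[1:3])
    return None

def releases_needing_fix(statuses, package):
    return sorted(r for (r, p), (st, _) in statuses.items()
                  if p == package and st == "needed")
```
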
