[PATCH 0/2][SRU][D] CVE-2019-3874 - SCTP Denial of Service

Tyler Hicks tyhicks at canonical.com
Thu Apr 18 07:49:22 UTC 2019


 The SCTP socket buffer used by a userspace application is not accounted by
 the cgroups subsystem. An attacker can use this flaw to cause a denial of
 service attack. Kernel 3.10.x and 4.18.x branches are believed to be

Clean cherry picks. Build logs are clean. I've regression tested these changes
by moving 1 GiB of data using SCTP over the loopback interface.


Xin Long (2):
  sctp: implement memory accounting on tx path
  sctp: implement memory accounting on rx path

 include/net/sctp/sctp.h |  2 +-
 net/sctp/sm_statefuns.c |  6 ++++--
 net/sctp/socket.c       | 10 ++++++++--
 net/sctp/ulpevent.c     | 19 ++++++++-----------
 net/sctp/ulpqueue.c     |  3 ++-
 5 files changed, 23 insertions(+), 17 deletions(-)


More information about the kernel-team mailing list