ACK: [PATCH 0/3][SRU][C] CVE-2019-3874 - SCTP Denial of Service

Stefan Bader stefan.bader at canonical.com
Thu Apr 18 09:26:32 UTC 2019


On 18.04.19 09:49, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
> 
>  The SCTP socket buffer used by a userspace application is not accounted by
>  the cgroups subsystem. An attacker can use this flaw to cause a denial of
>  service attack. Kernel 3.10.x and 4.18.x branches are believed to be
>  vulnerable.
> 
> Clean cherry picks. Build logs are clean. I've regression tested these changes
> by moving 1 GiB of data using SCTP over the loopback interface.
> 
> Tyler
> 
> Xin Long (3):
>   sctp: use sk_wmem_queued to check for writable space
>   sctp: implement memory accounting on tx path
>   sctp: implement memory accounting on rx path
> 
>  include/net/sctp/sctp.h |  2 +-
>  net/sctp/sm_statefuns.c |  6 ++++--
>  net/sctp/socket.c       | 44 +++++++++++++++-----------------------------
>  net/sctp/ulpevent.c     | 19 ++++++++-----------
>  net/sctp/ulpqueue.c     |  3 ++-
>  5 files changed, 30 insertions(+), 44 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190418/187c1076/attachment-0001.sig>


More information about the kernel-team mailing list