APPLIED(B,C): [PATCH 0/1][SRU][B/C/D/Unstable] CVE-2019-8912 - AF_ALG use after free

Khaled Elmously khalid.elmously at canonical.com
Fri Feb 22 08:53:59 UTC 2019


On 2019-02-21 09:28:31 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8912.html
> 
>  In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c
>  neglects to set a NULL value for a certain structure member, which leads to a
>  use-after-free in sockfs_setattr.
> 
> Clean cherry pick back to Bionic (Xenial and older are not affected). I've
> successfully tested the fix with the syzkaller reproducer under Bionic and
> Cosmic.
> 
> Tyler
> 
> Mao Wenan (1):
>   net: crypto set sk to NULL when af_alg_release.
> 
>  crypto/af_alg.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team



More information about the kernel-team mailing list