APPLIED(B,C): [PATCH 0/1][SRU][B/C/D/Unstable] CVE-2019-8912 - AF_ALG use after free
Khaled Elmously
khalid.elmously at canonical.com
Fri Feb 22 08:53:59 UTC 2019
On 2019-02-21 09:28:31, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8912.html
>
> In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c
> neglects to set a NULL value for a certain structure member, which leads to a
> use-after-free in sockfs_setattr.
>
> Clean cherry pick back to Bionic (Xenial and older are not affected). I've
> successfully tested the fix with the syzkaller reproducer under Bionic and
> Cosmic.
>
> Tyler
>
> Mao Wenan (1):
> net: crypto set sk to NULL when af_alg_release.
>
> crypto/af_alg.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team