APPLIED[D/Unstable]: [PATCH 0/1][SRU][B/C/D/Unstable] CVE-2019-8912 - AF_ALG use after free

Seth Forshee seth.forshee at canonical.com
Fri Feb 22 10:16:08 UTC 2019


On Thu, Feb 21, 2019 at 09:28:31AM +0000, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8912.html
> 
>  In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c
>  neglects to set a NULL value for a certain structure member, which leads to a
>  use-after-free in sockfs_setattr.
> 
> Clean cherry pick back to Bionic (Xenial and older are not affected). I've
> successfully tested the fix with the syzkaller reproducer under Bionic and
> Cosmic.

Applied to disco and unstable, thanks!


