ACK: [PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free

Colin Ian King colin.king at canonical.com
Fri Feb 22 11:18:25 UTC 2019


On 22/02/2019 10:28, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html
> 
>  Secunia Research has discovered a vulnerability in Linux Kernel, which
>  can be exploited by malicious, local users to potentially gain
>  escalated privileges.
> 
>  A use-after-free error in the "sctp_sendmsg()" function
>  (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
>  to corrupt memory.
> 
> Clean cherry pick back to Cosmic (older releases are not affected).
> Build logs are clean.
> 
> Tyler
> 
> Greg Kroah-Hartman (1):
>   sctp: walk the list of asoc safely
> 
>  net/sctp/socket.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 

Looks good.

Acked-by: Colin Ian King <colin.king at canonical.com>
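
The patch title quoted above, "sctp: walk the list of asoc safely", refers to iterating a list whose loop body may free the current entry. The user-space C program below is an added example of that idiom, not code from this thread or from net/sctp/socket.c; `struct assoc`, `send_one`, `send_all`, `push` and `list_len` are constructed names.

```c
#include <stdlib.h>

/* Constructed stand-in for an association kept on an endpoint's list. */
struct assoc {
    int id;
    int teardown;          /* when set, the per-entry step frees the entry */
    struct assoc *next;
};

/* Hypothetical per-entry send step: may unlink and free *a. Returns 1 if freed. */
static int send_one(struct assoc **head, struct assoc *a)
{
    if (!a->teardown)
        return 0;
    for (struct assoc **pp = head; *pp; pp = &(*pp)->next) {
        if (*pp == a) {
            *pp = a->next;  /* unlink before freeing */
            break;
        }
    }
    free(a);
    return 1;
}

/* Unsafe pattern (shown only, never called): a->next is read after a may be freed.
 *     for (a = *head; a; a = a->next) send_one(head, a);
 */

/* Safe walk: fetch the successor before the body can free the current entry. */
int send_all(struct assoc **head)
{
    int freed = 0;
    struct assoc *a, *tmp;
    for (a = *head; a; a = tmp) {
        tmp = a->next;
        freed += send_one(head, a);
    }
    return freed;
}

/* Test helpers: prepend a node, count nodes. */
struct assoc *push(struct assoc *head, int id, int teardown)
{
    struct assoc *a = malloc(sizeof(*a));
    if (!a) abort();
    a->id = id; a->teardown = teardown; a->next = head;
    return a;
}
int list_len(const struct assoc *h) { int n = 0; for (; h; h = h->next) n++; return n; }
```

The saved-successor walk only protects against the body removing the current entry; if the body can also free the next entry, the saved pointer dangles and a different scheme (locking or reference counting) is needed.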


