[PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free

Colin Ian King colin.king at canonical.com
Fri Feb 22 11:18:57 UTC 2019


On 22/02/2019 11:16, Tyler Hicks wrote:
> On 2019-02-22 10:40:50, Colin Ian King wrote:
>> On 22/02/2019 10:28, Tyler Hicks wrote:
>>> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html
>>
>> The URL seems to point to a non-existent page.
> 
> It is due to an unfortunate, but useful, race condition between myself
> and the security team. The security team periodically monitors (sometimes,
> multiple times per day) for Ubuntu CVE Tracker changes proposed by the
> kernel team, double checks them for accuracy, and merges them. Once they
> merge my changes, the page at the above URL will be populated. It just
> so happens that I got this particular kernel patch out the door before
> they merged my Ubuntu CVE Tracker changes.
> 
> I'll paste in the top portion of the CVE file from my pending Ubuntu CVE
> Tracker changes:
> 
> =====
> Candidate: CVE-2019-8956
> PublicDate: 2019-02-22
> References:
>  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8956
> Description:
>  Secunia Research has discovered a vulnerability in Linux Kernel, which
>  can be exploited by malicious, local users to potentially gain
>  escalated privileges.
> 
>  A use-after-free error in the "sctp_sendmsg()" function
>  (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
>  to corrupt memory.
> 
>  The vulnerability is confirmed in version 4.20.0-rc2 and reported
>  in versions 4.20.x prior to 4.20.8 and 4.19.x prior to 4.19.21.
> Ubuntu-Description:
> Notes:
> Bugs:
> Priority: medium
> Discovered-by: Jakub Jirasek
> Assigned-to:
> 
> Patches_linux:
>  break-fix: 4910280503f3af2857d5aa77e35b22d93a8960a8 ba59fb0273076637f0add4311faa990a5eec27c0
> upstream_linux: released (5.0~rc6)
> precise/esm_linux: not-affected (3.0.0-12.20)
> trusty_linux: not-affected (3.11.0-12.19)
> xenial_linux: not-affected (4.2.0-16.19)
> bionic_linux: not-affected (4.13.0-16.19)
> cosmic_linux: needed
> devel_linux: needed
> =====

Thanks :-)
> 
> Tyler
> 
>>
>>>
>>>  Secunia Research has discovered a vulnerability in Linux Kernel, which
>>>  can be exploited by malicious, local users to potentially gain
>>>  escalated privileges.
>>>
>>>  A use-after-free error in the "sctp_sendmsg()" function
>>>  (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
>>>  to corrupt memory.
>>>
>>> Clean cherry pick back to Cosmic (older releases are not affected).
>>> Build logs are clean.
>>>
>>> Tyler
>>>
>>> Greg Kroah-Hartman (1):
>>>   sctp: walk the list of asoc safely
>>>
>>>  net/sctp/socket.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>
>>
> 
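Added example, not part of the original thread or of the kernel patch it discusses (the patch body is not shown above): a userspace C model of why a list walk must save the successor before the loop body runs when that body can free the current entry, which is the general pattern the patch title "walk the list of asoc safely" names. The struct layout, the static pool and the `process()` helper are hypothetical stand-ins, and the kernel's `list_for_each_entry_safe()` has the same shape as `walk_safe()`.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model: entries sit in a static pool so a "freed" entry is observable. */
struct asoc { struct asoc *next; int abort; int freed; };
struct walk_result { int visited; int stale_reads; };
static struct asoc pool[4];

static struct asoc *build_list(void) {
    for (int i = 0; i < 4; i++) {
        pool[i].abort = (i == 1);   /* entry 1 gets torn down mid-walk */
        pool[i].freed = 0;
        pool[i].next = (i < 3) ? &pool[i + 1] : NULL;
    }
    return &pool[0];
}

/* Per-entry work that may release the entry it was handed. */
static void process(struct asoc *a) {
    if (!a->abort) return;
    a->freed = 1;
    a->next = NULL;  /* stands in for freed memory being overwritten */
}

/* Plain walk: the loop step reads a->next after the body has run. */
static struct walk_result walk_plain(void) {
    struct walk_result r = {0, 0};
    for (struct asoc *a = build_list(); a; a = a->next) {
        process(a);
        r.visited++;
        r.stale_reads += a->freed;  /* loop step will read a freed entry */
    }
    return r;
}

/* Safe walk: the successor is saved before the body can free the entry. */
static struct walk_result walk_safe(void) {
    struct walk_result r = {0, 0};
    for (struct asoc *a = build_list(), *n; a; a = n) {
        n = a->next;
        process(a);
        r.visited++;
    }
    return r;
}

int main(void) {
    struct walk_result p = walk_plain(), s = walk_safe();
    printf("plain %d/%d safe %d/%d\n", p.visited, p.stale_reads, s.visited, s.stale_reads);
    return 0;
}
```

In the model the plain walk stops after two entries because it follows a pointer read from the released entry; in real kernel memory that read is the use-after-free.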



