APPLIED[D]: [PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free
Seth Forshee
seth.forshee at canonical.com
Wed Feb 27 13:30:09 UTC 2019
On Fri, Feb 22, 2019 at 10:28:26AM +0000, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html
>
> Secunia Research has discovered a vulnerability in Linux Kernel, which
> can be exploited by malicious, local users to potentially gain
> escalated privileges.
>
> A use-after-free error in the "sctp_sendmsg()" function
> (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
> to corrupt memory.
>
> Clean cherry pick back to Cosmic (older releases are not affected).
> Build logs are clean.
Applied to disco/master-next, thanks!