APPLIED/cmnt: [PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free
kleber.souza at canonical.com
Tue Mar 12 12:12:11 UTC 2019

On 2/22/19 11:28 AM, Tyler Hicks wrote:
> Secunia Research has discovered a vulnerability in Linux Kernel, which
> can be exploited by malicious, local users to potentially gain
> escalated privileges.
>
> A use-after-free error in the "sctp_sendmsg()" function
> (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
> to corrupt memory.
>
> Clean cherry pick back to Cosmic (older releases are not affected).
> Build logs are clean.
>
> Greg Kroah-Hartman (1):
>   sctp: walk the list of asoc safely
>
>  net/sctp/socket.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

This patch has already been applied to cosmic/master-next branch.