APPLIED/cmnt: [PATCH 0/1][SRU][C/D] CVE-2019-8956 - SCTP use-after-free
Kleber Souza
kleber.souza at canonical.com
Tue Mar 12 12:12:11 UTC 2019
On 2/22/19 11:28 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8956.html
>
> Secunia Research has discovered a vulnerability in Linux Kernel, which
> can be exploited by malicious, local users to potentially gain
> escalated privileges.
>
> A use-after-free error in the "sctp_sendmsg()" function
> (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited
> to corrupt memory.
>
> Clean cherry pick back to Cosmic (older releases are not affected).
> Build logs are clean.
>
> Tyler
>
> Greg Kroah-Hartman (1):
> sctp: walk the list of asoc safely
>
> net/sctp/socket.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
This patch has already been applied to cosmic/master-next branch.
Thanks,
Kleber