Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678496 (CVE-2019-8956) - Kernel: local privilege escalation due to use-after-free in "sctp_sendmsg()" (CVE-2019-8956)
Summary: Kernel: local privilege escalation due to use-after-free in "sctp_sendmsg()" ...
Alias: CVE-2019-8956
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
Depends on:
Reported: 2019-02-21 13:35 UTC by Agostino Sarubbo
Modified: 2022-03-26 00:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2019-02-21 13:35:21 UTC
From ${URL} :

Secunia just announced this a local root in SCTP:

There was a SCTP local root in the kernel due to a association list

In sctp_sendmesg(), when walking the list of endpoint associations, the
association can be dropped from the list, making the list corrupt.
Properly handle this by using list_for_each_entry_safe()

Fixes: 4910280503f3 ("sctp: add support for snd flag SCTP_SENDALL process in sendmsg")

This issue is in 4.17 up to 5.0rc6.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:56:30 UTC
Patch is in 4.19.21, 4.20.8, 5.0