'[oss-security] Kernel local root in SCTP / CVE-2019-8956'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Kernel local root in SCTP / CVE-2019-8956
From:       Marcus Meissner <meissner () suse ! de>
Date:       2019-02-21 12:57:50
Message-ID: 20190221125750.GC869 () suse ! de
[Download RAW message or body]

Hi,

CVE-2019-8956 

Secunia just announced this a local root in SCTP:

	https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/

There was a SCTP local root in the kernel due to a association list
corruption.

https://lore.kernel.org/netdev/20190201141522.GA20785@kroah.com/

In sctp_sendmesg(), when walking the list of endpoint associations, the
association can be dropped from the list, making the list corrupt.
Properly handle this by using list_for_each_entry_safe()

Fixes: 4910280503f3 ("sctp: add support for snd flag SCTP_SENDALL process in sendmsg")

This issue is in 4.17 up to 5.0rc6.

Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic