ASA-2019-00110 – Linux kernel: Use-after-free in sctp_sendmsg()


Allele Security Alert

ASA-2019-00110

Identifier(s)

ASA-2019-00110, CVE-2019-8956

Title

Use-after-free in sctp_sendmsg()

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel versions before 5.0

Linux kernel version 4.20.x before 4.20.8
Linux kernel version 4.19.x before 4.19.21

Linux kernel versions since the following commit:

sctp: add support for snd flag SCTP_SENDALL process in sendmsg
https://github.com/torvalds/linux/commit/4910280503f3af2857d5aa77e35b22d93a8960a8

Fixed version(s)

Linux kernel version 5.0

Linux kernel version 4.20.8
Linux kernel version 4.19.21

Linux kernel versions with the following commit applied:

sctp: walk the list of asoc safely
https://github.com/torvalds/linux/commit/ba59fb0273076637f0add4311faa990a5eec27c0

Proof of concept

Unknown

Description

A use-after-free error in the sctp_sendmsg() function (net/sctp/socket.c) when handling the SCTP_SENDALL flag can be exploited to corrupt memory.
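
The fix commit title listed above, "sctp: walk the list of asoc safely", names a general bug class: an entry is removed from a linked list while a plain iterator still advances through it. The user-space C model below is an added illustration of that class, not code from the kernel or from this advisory's sources. The names node, body, walk_plain and walk_safe are hypothetical, and removal of entries during the walk is an assumption drawn from the commit title.

```c
#include <stddef.h>
/* User-space model, not kernel code. Nodes live in a static pool, so a "freed"
 * node is only marked and poisoned; touching it later is counted, not real UB. */
struct node { struct node *next, *prev; int freed; };
struct result { int visited, stale_reads; };
static struct node head, pool[4];
static struct result res;

static void list_init(void) {
    res.visited = res.stale_reads = 0;
    head.next = head.prev = &head;
    for (int i = 0; i < 4; i++) {                 /* append pool[0..3] */
        pool[i].freed = 0;
        pool[i].prev = head.prev; pool[i].next = &head;
        head.prev->next = &pool[i]; head.prev = &pool[i];
    }
}

/* Every link read goes through here so reads of freed nodes are counted. */
static struct node *next_of(struct node *n) {
    if (n->freed) res.stale_reads++;
    return n->next;
}

/* Loop body stand-in: entries at odd pool index are torn down mid-walk. */
static void body(struct node *n) {
    res.visited++;
    if ((n - pool) % 2 == 0) return;
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;                     /* poison the links */
    n->freed = 1;
}

/* Plain walk: advances through the node the body may just have freed.
 * The NULL test only stops the model; real code would follow the stale link. */
struct result walk_plain(void) {
    list_init();
    for (struct node *pos = head.next; pos && pos != &head; pos = next_of(pos))
        body(pos);
    return res;
}

/* Safe walk: the successor is read before the body can free the node. */
struct result walk_safe(void) {
    list_init();
    for (struct node *pos = head.next, *tmp = next_of(pos); pos != &head;
         pos = tmp, tmp = next_of(pos))
        body(pos);
    return res;
}
```

In this model the plain walk stops after two of the four entries with one read from a freed node, while the safe walk visits all four with none.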

Technical details

Unknown

Credits

Jakub Jirasek (Flexera Secunia Research)

Reference(s)

Linux Kernel “sctp_sendmsg()” Use-After-Free Vulnerability
https://www.flexera.com/products/operations/software-vulnerability-research/secunia-research/advisories/sr-2019-05.html

sctp: walk the list of asoc safely
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0

sctp: add support for snd flag SCTP_SENDALL process in sendmsg
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4910280503f3af2857d5aa77e35b22d93a8960a8

sctp: walk the list of asoc safely
https://github.com/torvalds/linux/commit/ba59fb0273076637f0add4311faa990a5eec27c0

sctp: add support for snd flag SCTP_SENDALL process in sendmsg
https://github.com/torvalds/linux/commit/4910280503f3af2857d5aa77e35b22d93a8960a8

[PATCH net] sctp: walk the list of asoc safely
https://lore.kernel.org/netdev/20190201141522.GA20785@kroah.com/

Linux 5.0
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0

Linux 4.20.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8

Linux 4.19.21
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21

CVE-2019-8956 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-8956

CVE-2019-8956 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8956.html

CVE-2019-8956 | SUSE
https://www.suse.com/security/cve/CVE-2019-8956

CVE-2019-8956
https://security-tracker.debian.org/tracker/CVE-2019-8956

CVE-2019-8956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8956

CVE-2019-8956
https://nvd.nist.gov/vuln/detail/CVE-2019-8956

Last modified: November 29, 2019