oss-sec mailing list archives

Kernel local root in SCTP / CVE-2019-8956

From: Marcus Meissner <meissner () suse de>
Date: Thu, 21 Feb 2019 13:57:50 +0100

Hi,

CVE-2019-8956 

Secunia just announced this a local root in SCTP:

        https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/

There was a SCTP local root in the kernel due to a association list
corruption.

https://lore.kernel.org/netdev/20190201141522.GA20785 () kroah com/

In sctp_sendmesg(), when walking the list of endpoint associations, the
association can be dropped from the list, making the list corrupt.
Properly handle this by using list_for_each_entry_safe()

Fixes: 4910280503f3 ("sctp: add support for snd flag SCTP_SENDALL process in sendmsg")

This issue is in 4.17 up to 5.0rc6.

Ciao, Marcus

Current thread:

Kernel local root in SCTP / CVE-2019-8956 Marcus Meissner (Feb 21)