Bugzilla – Bug 1124136
VUL-0: CVE-2019-8956: kernel-source: sctp local root
Last modified: 2019-03-13 06:27:43 UTC
Yes, the SCTP_SENDALL handling code fixed by commit ba59fb027307 (currently
in net tree) was indeed introduced by commit 4910280503f3 ("sctp: add support
for snd flag SCTP_SENDALL process in sendmsg") in v4.17-rc1 which was not
backported into any of our older branches.
Therefore only master and stable branches are affected.
Commit ba59fb027307 ("sctp: walk the list of asoc safely") is in mainline now
so that it's going to be in v5.0-rc6.
Was there any publishing of this issue?
Doesn't really matter anymore as the fix is in master (via 4.20-rc6) and stable
(via 4.20.8) branches and we don't need it anywhere else.
Reassigning to security team.
(In reply to Michal Kubeček from comment #6)
> Doesn't really matter anymore as the fix is in master (via 4.20-rc6) ...
Should be "via 5.0-rc6".
Can be considered done, I think.