Bug 1679889 (CVE-2019-8956)

Summary: CVE-2019-8956 Kernel: SCTP: use-after-free while traversing list of endpoint associations
Product: [Other] Security Response Reporter: Prasad J Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jforbes
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A use-after-free issue was found in the Linux kernel's SCTP implementation. The issue could occur while traversing a list of endpoint associations to send a message to all of them via SCTP_SENDALL process. A user/process could use this flaw to crash the kernel resulting in a denial of service or potentially escalate privileges on a system.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-18 14:20:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1679890, 1679920, 1679921    
Bug Blocks: 1679857    

Description Prasad J Pandit 2019-02-22 07:24:00 UTC
A use-after-free issue was found in the Linux kernel's SCTP implementation.
It could occur while traversing a list of endpoint associations to send
a message to all of them via SCTP_SENDALL process.

A user/process could use this flaw to crash the kernel resulting in DoS
or potentially escalate privileges on a system.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/ba59fb0273076637f0add4311faa990a5eec27c0

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/02/21/2
  -> https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/

Comment 1 Prasad J Pandit 2019-02-22 07:26:59 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1679890]

Comment 5 Justin M. Forbes 2019-02-22 14:04:06 UTC
This was fixed for Fedora with the 4.20.8 stable updates.

Comment 6 Eric Christensen 2019-02-27 15:44:45 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2.