A use-after-free issue was found in the Linux kernel's SCTP implementation. It could occur while traversing a list of endpoint associations to send a message to all of them via SCTP_SENDALL process. A user/process could use this flaw to crash the kernel resulting in DoS or potentially escalate privileges on a system.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/ba59fb0273076637f0add4311faa990a5eec27c0

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/02/21/2
  -> https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/
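The hazard described above, as an added userspace example that is not kernel code and not taken from the upstream patch: a walk that reads an entry's `next` pointer after the loop body may have released that entry, beside the save-next-first walk that the kernel's `list_for_each_entry_safe()` helper provides. The `struct asoc`, the `send_one()` failure rule and the `dead` flag (which stands in for a real free so the program stays well-defined) are constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-in for one association on an endpoint's list. */
struct asoc {
    struct asoc *next;
    int id, dead;           /* dead = 1 once released (simulated, nothing is freed) */
};

#define NASOC 4
static struct asoc pool[NASOC];
static int stale_reads;     /* reads of an entry after it was released */

static struct asoc *build_list(void)
{
    for (int i = 0; i < NASOC; i++)
        pool[i] = (struct asoc){ .next = (i + 1 < NASOC) ? &pool[i + 1] : NULL,
                                 .id = i, .dead = 0 };
    stale_reads = 0;
    return &pool[0];
}

/* Every ->next read goes through here so stale reads can be counted. */
static struct asoc *next_of(struct asoc *a)
{
    stale_reads += a->dead;
    return a->next;
}

/* Hypothetical send step: odd ids fail and the entry is released. */
static void send_one(struct asoc *a) { if (a->id % 2) a->dead = 1; }

/* Unsafe walk: cur->next is read after the body may have released cur. */
int walk_unsafe(void)
{
    for (struct asoc *cur = build_list(); cur; cur = next_of(cur))
        send_one(cur);
    return stale_reads;
}

/* Safe walk: next is saved before the body runs, cur is not touched afterwards. */
int walk_safe(void)
{
    struct asoc *next;
    for (struct asoc *cur = build_list(); cur; cur = next) {
        next = next_of(cur);
        send_one(cur);
    }
    return stale_reads;
}

int main(void)
{
    printf("unsafe=%d safe=%d\n", walk_unsafe(), walk_safe());
    return 0;
}
```

With a real allocator each counted stale read would be a read of freed memory, which is the class of access KASAN reports in a kernel build.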
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1679890]
This was fixed for Fedora with the 4.20.8 stable updates.
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2.