Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-8956

Опубликовано: 21 фев. 2019
Источник: redhat
CVSS3: 7.8

Описание

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

A use-after-free issue was found in the Linux kernel's SCTP implementation. The issue could occur while traversing a list of endpoint associations to send a message to all of them via SCTP_SENDALL process. A user/process could use this flaw to crash the kernel resulting in a denial of service or potentially escalate privileges on a system.

Отчет

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1679889Kernel: SCTP: use-after-free while traversing list of endpoint associations

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-8956

CVSS3: 7.8
ubuntu
почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

nvd логотип

CVE-2019-8956

CVSS3: 7.8
nvd
почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

debian логотип

CVE-2019-8956

CVSS3: 7.8
debian
почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-fre ...

github логотип

GHSA-6647-2gmj-c8h8

CVSS3: 7.8
github
больше 3 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

fstec логотип

BDU:2019-01183

CVSS3: 7.8
fstec
около 7 лет назад

Уязвимость реализации протокола SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

7.8 High

CVSS3