CVE-2019-8956

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg()" function (net/sctp/socket.c) when handling SCTPSENDALL flag can be exploited to corrupt memory.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
Events: Introduced

29dcea88779c856c7dc92040a0c01233263101d4

Fixed

43d3d5141515dd201aa6d268e3c02fb7383769f6

Introduced

8fe28cb58bcb235034b64cbbb7550a8a43fd88be

Fixed

0788acb1a3ed1589da1768ba64b1e5c76e8cb661

Affected versions

v4.*

v4.17

v4.18

v4.18-rc1

v4.18-rc2

v4.18-rc3

v4.18-rc4

v4.18-rc5

v4.18-rc6

v4.18-rc7

v4.18-rc8

v4.19

v4.19-rc1

v4.19-rc2

v4.19-rc3

v4.19-rc4

v4.19-rc5

v4.19-rc6

v4.19-rc7

v4.19-rc8

v4.19.1

v4.19.10

v4.19.11

v4.19.12

v4.19.13

v4.19.14

v4.19.15

v4.19.16

v4.19.17

v4.19.18

v4.19.19

v4.19.2

v4.19.20

v4.19.3

v4.19.4

v4.19.5

v4.19.6

v4.19.7

v4.19.8

v4.19.9

v4.20

v4.20-rc1

v4.20-rc2

v4.20-rc3

v4.20-rc4

v4.20-rc5

v4.20-rc6

v4.20-rc7

v4.20.1

v4.20.2

v4.20.3

v4.20.4

v4.20.5

v4.20.6

v4.20.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8956.json"