First published: Mon Apr 01 2019
In the Linux kernel before versions 4.20.8 and 4.19.21, a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling the SCTP_SENDALL flag can be exploited to corrupt memory.
Credit: PSIRT-CNA@flexerasoftware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=4.17 <4.19.21 | |
Linux Linux kernel | >=4.20 <4.20.8 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
CVE-2019-8956 is a use-after-free vulnerability in the Linux kernel's "sctp_sendmsg()" function, triggered when handling the SCTP_SENDALL flag, which can be exploited to corrupt memory.
The severity of CVE-2019-8956 is not provided.
Details on how to exploit CVE-2019-8956 are not provided.
To fix CVE-2019-8956, update your Linux kernel to version 4.20.8 or 4.19.21.