Message ID | 1550741312-27390-1-git-send-email-tyhicks@canonical.com |
---|---|
Series | CVE-2019-8912 - AF_ALG use after free |

On 2019-02-21 09:28:31, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8912.html
>
> In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c
> neglects to set a NULL value for a certain structure member, which leads to a
> use-after-free in sockfs_setattr.
>
> Clean cherry pick back to Bionic (Xenial and older are not affected). I've
> successfully tested the fix with the syzkaller reproducer under Bionic and
> Cosmic.
>
> Tyler
>
> Mao Wenan (1):
>   net: crypto set sk to NULL when af_alg_release.
>
>  crypto/af_alg.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> --
> 2.7.4

On Thu, Feb 21, 2019 at 09:28:31AM +0000, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8912.html
>
> In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c
> neglects to set a NULL value for a certain structure member, which leads to a
> use-after-free in sockfs_setattr.
>
> Clean cherry pick back to Bionic (Xenial and older are not affected). I've
> successfully tested the fix with the syzkaller reproducer under Bionic and
> Cosmic.

Applied to disco and unstable, thanks!
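
The bug class named in the cover letter, as an added userspace model (not code from the patch, the kernel, or anyone in this thread): a release path drops its reference but leaves the `sk` member set, so a later consumer that trusts a non-NULL `sk` reaches a freed object. All `model_*` names, the static pool and the `freed` flag are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: simplified stand-ins, not kernel structures. */
struct sock   { int refcnt; int freed; unsigned int sk_uid; };
struct socket { struct sock *sk; };

static struct sock pool[4];   /* static pool keeps "freed" objects inspectable */
static size_t pool_used;

static struct sock *model_sk_alloc(void)
{
    struct sock *sk = &pool[pool_used++ % 4];
    sk->refcnt = 1; sk->freed = 0; sk->sk_uid = 0;
    return sk;
}

static void model_sock_put(struct sock *sk)
{
    if (--sk->refcnt == 0)
        sk->freed = 1;        /* stands in for the real free */
}

/* Without the fix: the reference is dropped, sock->sk still points at the object. */
static void model_release_unpatched(struct socket *sock)
{
    if (sock->sk)
        model_sock_put(sock->sk);
}

/* With the fix named in the patch subject: clear sk after dropping the reference. */
static void model_release_patched(struct socket *sock)
{
    if (sock->sk) { model_sock_put(sock->sk); sock->sk = NULL; }
}

/* Later consumer that trusts a non-NULL sk (the role sockfs_setattr has in the
 * CVE text). Returns 0 = skipped, 1 = wrote to a live object, -1 = the write
 * would have landed in a freed object. */
static int model_setattr(struct socket *sock, unsigned int uid)
{
    if (!sock->sk) return 0;
    if (sock->sk->freed) return -1;
    sock->sk->sk_uid = uid;
    return 1;
}

int main(void)
{
    struct socket a = { model_sk_alloc() }, b = { model_sk_alloc() };
    model_release_unpatched(&a);
    model_release_patched(&b);
    printf("unpatched: %d, patched: %d\n", model_setattr(&a, 1000), model_setattr(&b, 1000));
    return 0;
}
```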