Message ID | 1555573812-8996-1-git-send-email-tyhicks@canonical.com |
---|---|
Series | CVE-2019-3874 - SCTP Denial of Service |

On 18.04.19 09:50, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
>
> The SCTP socket buffer used by a userspace application is not accounted by
> the cgroups subsystem. An attacker can use this flaw to cause a denial of
> service attack. Kernel 3.10.x and 4.18.x branches are believed to be
> vulnerable.
>
> Non-trivial backporting effort. Build logs are clean. I've regression tested
> these changes by moving 1 GiB of data using SCTP over the loopback interface.
>
> Tyler
>
> Xin Long (3):
>   sctp: use sk_wmem_queued to check for writable space
>   sctp: implement memory accounting on tx path
>   sctp: implement memory accounting on rx path
>
>  include/net/sctp/sctp.h |  2 +-
>  net/sctp/sm_statefuns.c |  6 ++++--
>  net/sctp/socket.c       | 44 +++++++++++++++-----------------------------
>  net/sctp/ulpevent.c     | 19 ++++++++-----------
>  net/sctp/ulpqueue.c     |  3 ++-
>  5 files changed, 30 insertions(+), 44 deletions(-)
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 18.04.19 09:50, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
>
> The SCTP socket buffer used by a userspace application is not accounted by
> the cgroups subsystem. An attacker can use this flaw to cause a denial of
> service attack. Kernel 3.10.x and 4.18.x branches are believed to be
> vulnerable.
>
> Non-trivial backporting effort. Build logs are clean. I've regression tested
> these changes by moving 1 GiB of data using SCTP over the loopback interface.
>
> Tyler
>
> Xin Long (3):
>   sctp: use sk_wmem_queued to check for writable space
>   sctp: implement memory accounting on tx path
>   sctp: implement memory accounting on rx path
>
>  include/net/sctp/sctp.h |  2 +-
>  net/sctp/sm_statefuns.c |  6 ++++--
>  net/sctp/socket.c       | 44 +++++++++++++++-----------------------------
>  net/sctp/ulpevent.c     | 19 ++++++++-----------
>  net/sctp/ulpqueue.c     |  3 ++-
>  5 files changed, 30 insertions(+), 44 deletions(-)
>

I thought I had already done this series but cannot see my reply (yet?). Doing once more to be sure.

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 4/18/19 9:50 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
>
> The SCTP socket buffer used by a userspace application is not accounted by
> the cgroups subsystem. An attacker can use this flaw to cause a denial of
> service attack. Kernel 3.10.x and 4.18.x branches are believed to be
> vulnerable.
>
> Non-trivial backporting effort. Build logs are clean. I've regression tested
> these changes by moving 1 GiB of data using SCTP over the loopback interface.
>
> Tyler
>
> Xin Long (3):
>   sctp: use sk_wmem_queued to check for writable space
>   sctp: implement memory accounting on tx path
>   sctp: implement memory accounting on rx path
>
>  include/net/sctp/sctp.h |  2 +-
>  net/sctp/sm_statefuns.c |  6 ++++--
>  net/sctp/socket.c       | 44 +++++++++++++++-----------------------------
>  net/sctp/ulpevent.c     | 19 ++++++++-----------
>  net/sctp/ulpqueue.c     |  3 ++-
>  5 files changed, 30 insertions(+), 44 deletions(-)
>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

On 4/18/19 9:50 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3874
>
> The SCTP socket buffer used by a userspace application is not accounted by
> the cgroups subsystem. An attacker can use this flaw to cause a denial of
> service attack. Kernel 3.10.x and 4.18.x branches are believed to be
> vulnerable.
>
> Non-trivial backporting effort. Build logs are clean. I've regression tested
> these changes by moving 1 GiB of data using SCTP over the loopback interface.
>
> Tyler
>
> Xin Long (3):
>   sctp: use sk_wmem_queued to check for writable space
>   sctp: implement memory accounting on tx path
>   sctp: implement memory accounting on rx path
>
>  include/net/sctp/sctp.h |  2 +-
>  net/sctp/sm_statefuns.c |  6 ++++--
>  net/sctp/socket.c       | 44 +++++++++++++++-----------------------------
>  net/sctp/ulpevent.c     | 19 ++++++++-----------
>  net/sctp/ulpqueue.c     |  3 ++-
>  5 files changed, 30 insertions(+), 44 deletions(-)
>

Applied to bionic/master-next branch.

Thanks,
Kleber