PT-2019-1635 · Linux+2 · Linux Kernel+2

Jakub Jirasek

Publicado

2019-02-01

Atualizado

2025-09-29

CVE-2019-8956

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 4.20.8 Linux Kernel versions prior to 4.19.21

Description A use-after-free error in the sctp sendmsg() function when handling the SCTP SENDALL flag can be exploited to corrupt memory, potentially allowing an attacker to cause a denial of service or elevate their privileges. The issue is related to the implementation of the SCTP protocol in the Linux Kernel.

Recommendations For Linux Kernel versions prior to 4.20.8, update to version 4.20.8 or later to resolve the issue. For Linux Kernel versions prior to 4.19.21, update to version 4.19.21 or later to resolve the issue. As a temporary workaround, consider disabling the sctp sendmsg() function until a patch is available.

Exploit

Correção

Use After Free

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416CWE-787

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2019-1231

ALT-PU-2019-1286

BDU:2019-01183

CVE-2019-8956

USN-3930-1

USN-3930-2

Produtos afetados

Alt Linux

Linux Kernel

Ubuntu

PT-2019-1635 · Linux+2 · Linux Kernel+2

CVE-2019-8956

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40