PT-2019-1635 · Linux+2 · Linux Kernel+2

Jakub Jirasek · Published 2019-02-01 · Updated 2025-09-29 · CVE-2019-8956

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions prior to 4.20.8
Linux Kernel versions prior to 4.19.21

Description

A use-after-free error in the sctp_sendmsg() function when handling the SCTP_SENDALL flag can be exploited to corrupt memory, potentially allowing an attacker to cause a denial of service or elevate their privileges. The issue is in the Linux Kernel's implementation of the SCTP protocol.

Recommendations

For Linux Kernel versions prior to 4.20.8, update to version 4.20.8 or later to resolve the issue.
For Linux Kernel versions prior to 4.19.21, update to version 4.19.21 or later to resolve the issue.
As a temporary workaround, consider disabling the sctp_sendmsg() function until a patch is available.

Exploit

Fix

Use After Free

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2019-1231
ALT-PU-2019-1286
BDU:2019-01183
CVE-2019-8956
USN-3930-1
USN-3930-2

Affected Products

Alt Linux
Linux Kernel
Ubuntu