« List of all CVEs

CVE-2019-8956

Published: 4/1/2019 Last updated: 8/4/2024 Reserved: 2/20/2019

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

CNA assigner: flexera (44d08088-2bea-4760-83a6-1e9be26b15ab) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product Vendor Version
Linux Kernel UNKNOWN < bc1db4d8f1b0dc480d7d745a60a8cc94ce2badd4

References (28)