author Salvatore Bonaccorso <carnil@debian.org> 2019-08-20 22:29:03 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2019-08-20 22:29:03 +0200
commit 085d86e0b9935566761a1bbf9ae9b10803ac0bd2 (patch)
tree a81575bedc289ed509afbecf3427e85fd7ad3d26 /retired/CVE-2019-15239
parent 1ac79c0ac98cf283bd48d57055f4599ba36a537a (diff)
Retire CVE-2019-15239
Diffstat (limited to 'retired/CVE-2019-15239')
-rw-r--r-- retired/CVE-2019-15239 22
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2019-15239 b/retired/CVE-2019-15239
new file mode 100644
index 00000000..558fa90d
--- /dev/null
+++ b/retired/CVE-2019-15239
@@ -0,0 +1,22 @@
+Description: TCP reconnection use-after-free
+References:
+ https://lore.kernel.org/stable/20190813115317.6cgml2mckd3c6u7z@decadent.org.uk/
+ https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
+Notes:
+ bwh> Introduced by backports of commit 7f582b248d0a
+ bwh> "tcp: purge write queue in tcp_connect_init()" to stable.
+ bwh> Upstream avoided this issue due to the earlier commit
+ bwh> 75c119afe14f "tcp: implement rb-tree based retransmit queue".
+ carnil> As pointed out by Ben, in https://lore.kernel.org/stable/41a61a2f87691d2bc839f26cdfe6f5ff2f51e472.camel@decadent.org.uk/
+ carnil> the issue got already fixed by dbbf2d1e4077 ("tcp: reset
+ carnil> sk_send_head in tcp_write_queue_purge") in 4.14.32, which got
+ carnil> backported to 4.4.187 and 4.9.187.
+Bugs:
+upstream: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerability never present"
+4.9-upstream-stable: released (4.9.187) [704533394e488a109fe46ab3693315376c3824d5]
+3.16-upstream-stable: released (3.16.73) [3157fbc900bdb366b2186e5a6e506cc5e4697cf0]
+sid: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerability never present"
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/tcp-clear-sk_send_head-after-purging-the-write-queue.patch]
+3.16-jessie-security: released (3.16.72-1) [bugfix/all/tcp-clear-sk_send_head-after-purging-the-write-queue.patch]
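Review bot: The carnil note says dbbf2d1e4077 landed in 4.14.32 and was backported to 4.4.187 and 4.9.187, but the status list carries only a 4.9-upstream-stable line (4.9.187) and has no 4.14-upstream-stable or 4.4-upstream-stable entry, so those two branches cannot be checked from the record itself. Consider adding those lines, or a short note on why they are not tracked here. The 3.16 entries (3.16.73 and 3.16.72-1) are not covered by the notes either, which name no 3.16 backport; one line tying them to the same "tcp: reset sk_send_head in tcp_write_queue_purge" fix would make the record self-explanatory. The "Bugs:" field is also left empty.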
