author | Salvatore Bonaccorso <carnil@debian.org> | 2019-08-20 22:29:03 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-08-20 22:29:03 +0200 |
commit | 085d86e0b9935566761a1bbf9ae9b10803ac0bd2 (patch) | |
tree | a81575bedc289ed509afbecf3427e85fd7ad3d26 /retired/CVE-2019-15239 | |
parent | 1ac79c0ac98cf283bd48d57055f4599ba36a537a (diff) |
Retire CVE-2019-15239
Diffstat (limited to 'retired/CVE-2019-15239')
-rw-r--r-- | retired/CVE-2019-15239 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2019-15239 b/retired/CVE-2019-15239 new file mode 100644 index 00000000..558fa90d --- /dev/null +++ b/retired/CVE-2019-15239 @@ -0,0 +1,22 @@ +Description: TCP reconnection use-after-free +References: + https://lore.kernel.org/stable/20190813115317.6cgml2mckd3c6u7z@decadent.org.uk/ + https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf +Notes: + bwh> Introduced by backports of commit 7f582b248d0a + bwh> "tcp: purge write queue in tcp_connect_init()" to stable. + bwh> Upstream avoided this issue due to the earlier commit + bwh> 75c119afe14f "tcp: implement rb-tree based retransmit queue". + carnil> As pointed out by Ben, in https://lore.kernel.org/stable/41a61a2f87691d2bc839f26cdfe6f5ff2f51e472.camel@decadent.org.uk/ + carnil> the issue got already fixed by dbbf2d1e4077 ("tcp: reset + carnil> sk_send_head in tcp_write_queue_purge") in 4.14.32, which got + carnil> backported to 4.4.187 and 4.9.187. +Bugs: +upstream: N/A "Vulnerability never present" +4.19-upstream-stable: N/A "Vulnerability never present" +4.9-upstream-stable: released (4.9.187) [704533394e488a109fe46ab3693315376c3824d5] +3.16-upstream-stable: released (3.16.73) [3157fbc900bdb366b2186e5a6e506cc5e4697cf0] +sid: N/A "Vulnerability never present" +4.19-buster-security: N/A "Vulnerability never present" +4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/tcp-clear-sk_send_head-after-purging-the-write-queue.patch] +3.16-jessie-security: released (3.16.72-1) [bugfix/all/tcp-clear-sk_send_head-after-purging-the-write-queue.patch] |
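Review bot: In the Notes block, the carnil> lines account for the fix dbbf2d1e4077 only in 4.14.32, 4.4.187 and 4.9.187, while the status lines record 3.16-upstream-stable as released in 3.16.73 and both Debian security branches as fixed by bugfix/all/tcp-clear-sk_send_head-after-purging-the-write-queue.patch, whose name does not match the quoted subject "tcp: reset sk_send_head in tcp_write_queue_purge". One more note line stating how the 3.16 commit and the Debian patch relate to dbbf2d1e4077 would let a reader confirm that those branches carry the same fix. The Bugs: field is also empty; if a Debian bug was filed for this issue, its number belongs there.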