author: Salvatore Bonaccorso <carnil@debian.org> 2020-06-04 21:51:44 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-06-04 21:51:44 +0200
commit: 5696bc2abdaffecd89b22ab0bba8e211e19364db
tree: 226d7f0d5ecfa9940852c1d5c13680994cd808e0 /retired/CVE-2019-3874
parent: 86b55b4e095b6239e34a552741889d47d2ffa610
Retire CVE-2019-3874
Diffstat (limited to 'retired/CVE-2019-3874')
-rw-r--r-- retired/CVE-2019-3874 23
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2019-3874 b/retired/CVE-2019-3874
new file mode 100644
index 00000000..bf6d47fd
--- /dev/null
+++ b/retired/CVE-2019-3874
@@ -0,0 +1,23 @@
+Description: SCTP socket unbounded memory usage leading to denial of service
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1686373
+ https://discuss.kubernetes.io/t/kubernetes-security-announcement-linux-kernel-memory-cgroups-escape-via-sctp-cve-2019-3874/5594
+ https://lore.kernel.org/netdev/20190401113110.GA20717@hmswarspite.think-freely.org/T/#u
+ https://lore.kernel.org/netdev/cover.1554022192.git.lucien.xin@gmail.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=1033990ac5b2ab6cee93734cb6d301aa3a35bcaa
+ https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=9dde27de3e5efa0d032f3c891a0ca833a0d31911
+Notes:
+ bwh> Based on the proposed fixes, I don't believe there is a memory
+ bwh> leak. The issue is that the cgroup memory controller's kmem
+ bwh> limits didn't affect SCTP sockets. Since it is already usual to
+ bwh> restrict the socket types allowed in a container, I don't consider
+ bwh> this an important issue.
+Bugs:
+upstream: released (5.2-rc1) [1033990ac5b2ab6cee93734cb6d301aa3a35bcaa, 9dde27de3e5efa0d032f3c891a0ca833a0d31911]
+4.19-upstream-stable: ignored "Minor issue"
+4.9-upstream-stable: ignored "Minor issue"
+3.16-upstream-stable: ignored "Minor issue"
+sid: released (5.2.6-1)
+4.19-buster-security: ignored "Minor issue"
+4.9-stretch-security: ignored "Minor issue"
+3.16-jessie-security: ignored "Minor issue"
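Review bot: The ignored "Minor issue" reason on the 4.19, 4.9 and 3.16 lines (both the upstream-stable and the buster/stretch/jessie security entries) does not state what the judgement depends on. The bwh note ties it to the assumption that the socket types allowed in a container are already restricted, so on the ignored branches the cgroup memory controller's kmem limits remain ineffective for SCTP sockets wherever that restriction is not in place. Consider carrying that condition into the ignore reason, for example ignored "Minor issue; assumes SCTP sockets are restricted in containers", so someone reading a single branch line sees it without going to Notes. The Bugs: field is also left empty; confirm that is intentional before the file is retired.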
