Description: SCTP socket unbounded memory usage leading to denial of service
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=1686373
 https://discuss.kubernetes.io/t/kubernetes-security-announcement-linux-kernel-memory-cgroups-escape-via-sctp-cve-2019-3874/5594
 https://lore.kernel.org/netdev/20190401113110.GA20717@hmswarspite.think-freely.org/T/#u
 https://lore.kernel.org/netdev/cover.1554022192.git.lucien.xin@gmail.com/
 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=1033990ac5b2ab6cee93734cb6d301aa3a35bcaa
 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=9dde27de3e5efa0d032f3c891a0ca833a0d31911
Notes:
 bwh> Based on the proposed fixes, I don't believe there is a memory
 bwh> leak. The issue is that the cgroup memory controller's kmem
 bwh> limits didn't affect SCTP sockets. Since it is already usual to
 bwh> restrict the socket types allowed in a container, I don't consider
 bwh> this an important issue.
 carnil> Only first commit backported to 4.19.137, the second is missing.
Bugs:
upstream: released (5.2-rc1) [1033990ac5b2ab6cee93734cb6d301aa3a35bcaa, 9dde27de3e5efa0d032f3c891a0ca833a0d31911]
4.19-upstream-stable: released (4.19.137) [9a84bb13816fe3b361a75e10ee9821ab68aa36f5]
4.9-upstream-stable: ignored "Minor issue"
3.16-upstream-stable: ignored "Minor issue"
sid: released (5.2.6-1)
4.19-buster-security: released (4.19.146-1)
4.9-stretch-security: ignored "Minor issue"
3.16-jessie-security: ignored "Minor issue"