blob: de231b47ff23b2ac6429d6b047b3bdb6632f97d3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Description: net: crypto set sk to NULL when af_alg_release.
References:
https://patchwork.ozlabs.org/patch/1042902/
https://bugzilla.novell.com/show_bug.cgi?id=1125907
https://bugzilla.novell.com/show_bug.cgi?id=1125907#c5
Notes:
carnil> This is a followup fix for
carnil> 6d8c50dcb029872b298eea68cc6209c866fd3e14 (4.18-rc1) which was
carnil> CVE-2018-12232. CVE-2018-12232 was affecting only 4.10-rc1
carnil> onwards, quoting the note in CVE-2018-12232.
carnil> Issue introduced with 86741ec25462 ("net: core: Add a UID field
carnil> to struct sock.").
carnil> There might be a more generic follow-up as per
carnil> https://patchwork.ozlabs.org/patch/1046478/
Bugs:
upstream: released (5.0-rc8) [9060cb719e61b685ec0102574e10337fa5f445ea]
4.19-upstream-stable: released (4.19.25) [eb5e6869125f69dd28513f92992d97ec62bb9773]
4.9-upstream-stable: N/A "Vulnerable code introduced later"
3.16-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (4.19.28-1)
4.9-stretch-security: N/A "Vulnerable code introduced later"
3.16-jessie-security: N/A "Vulnerable code introduced later"
|
