retired/CVE-2022-20154


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: sctp: use call_rcu to free endpoint
References:
 https://source.android.com/security/bulletin/pixel/2022-06-01
Notes:
 bwh> Introdued in 4.14 by commit d25adbeb0cdb "sctp: fix an
 bwh> use-after-free issue in sctp_sock_dump".
Bugs:
upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb]
5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff]
4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec]
4.9-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.15.15-1)
5.10-bullseye-security: released (5.10.92-1)
4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: N/A "Vulnerability introduced later"