path: root/retired/CVE-2019-3874
blob: eef4a9cb0ee18c8a551a537509b3073ea9f8e0aa
Description: SCTP socket unbounded memory usage leading to denial of service
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=1686373
 https://discuss.kubernetes.io/t/kubernetes-security-announcement-linux-kernel-memory-cgroups-escape-via-sctp-cve-2019-3874/5594
 https://lore.kernel.org/netdev/20190401113110.GA20717@hmswarspite.think-freely.org/T/#u
 https://lore.kernel.org/netdev/cover.1554022192.git.lucien.xin@gmail.com/
 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=1033990ac5b2ab6cee93734cb6d301aa3a35bcaa
 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=9dde27de3e5efa0d032f3c891a0ca833a0d31911
Notes:
 bwh> Based on the proposed fixes, I don't believe there is a memory
 bwh> leak.  The issue is that the cgroup memory controller's kmem
 bwh> limits didn't affect SCTP sockets.  Since it is already usual to
 bwh> restrict the socket types allowed in a container, I don't consider
 bwh> this an important issue.
 carnil> Only first commit backported to 4.19.137, the second is missing.
Bugs:
upstream: released (5.2-rc1) [1033990ac5b2ab6cee93734cb6d301aa3a35bcaa, 9dde27de3e5efa0d032f3c891a0ca833a0d31911]
4.19-upstream-stable: released (4.19.137) [9a84bb13816fe3b361a75e10ee9821ab68aa36f5]
4.9-upstream-stable: ignored "Minor issue"
3.16-upstream-stable: ignored "Minor issue"
sid: released (5.2.6-1)
4.19-buster-security: released (4.19.146-1)
4.9-stretch-security: ignored "Minor issue"
3.16-jessie-security: ignored "Minor issue"
