{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-8956", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "UNKNOWN", "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "4.20.x prior to 4.20.8" }, { "version_value": "4.19.x prior to 4.19.21" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege escalation" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21" }, { "refsource": "MISC", "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8" }, { "refsource": "MISC", "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/" }, { "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0", "url": "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0" }, { "refsource": "UBUNTU", "name": "USN-3930-1", "url": "https://usn.ubuntu.com/3930-1/" }, { "refsource": "UBUNTU", "name": "USN-3930-2", "url": "https://usn.ubuntu.com/3930-2/" }, { "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K12671141", "url": "https://support.f5.com/csp/article/K12671141" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the \"sctp_sendmsg()\" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory." } ] } }