Vulnerability in Linux Linux_kernel
CVE-2014-4667
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP pa…
EPSS: 0.141 (94.5th percentile)
Affected products
- Linux Linux_kernel
- Canonical Ubuntu_linux — versions 12.04
- Debian Debian_linux — versions 7.0
- Suse Linux_enterprise_desktop — versions 11
- Suse Linux_enterprise_real_time_extension — versions 11
- Suse Linux_enterprise_server — versions 10, 11
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
- SUSE-SU-2014:1316 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- [oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- 59790 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- USN-2335-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- USN-2334-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- SUSE-SU-2014:1319 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 60564 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 68224 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 59777 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)