NULL pointer dereference in Linux Linux_kernel

CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establi…

EPSS: 0.128 (94.2th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Canonical Ubuntu_linux — versions 12.04, 14.04
Redhat Enterprise_linux_eus — versions 6.5
Redhat Enterprise_linux_server_aus — versions 6.2, 6.5
Redhat Enterprise_linux_server_tus — versions 6.5
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_real_time_extension — versions 11
Suse Linux_enterprise_server — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

60545 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
62563 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
SUSE-SU-2014:1316 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
USN-2335-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
USN-2334-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
60430 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
SUSE-SU-2014:1319 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
60564 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
RHSA-2014:1083 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)