CVE-2015-3212

Опубликовано: 30 июн. 2015

Источник: redhat

CVSS2: 5.6

EPSS Низкий

Описание

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket.

Отчет

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2015:1788	15.09.2015
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:1778	15.09.2015
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2015:1787	15.09.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-667

https://bugzilla.redhat.com/show_bug.cgi?id=1226442kernel: SCTP race condition allows list corruption and panic from userlevel

EPSS

Процентиль: 24%

0.00077

Низкий

5.6 Medium

CVSS2

Связанные уязвимости

CVE-2015-3212

ubuntu

почти 10 лет назад

CVE-2015-3212

nvd

почти 10 лет назад

CVE-2015-3212

debian

почти 10 лет назад

Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 a ...

GHSA-5g2m-574j-wg7c

github

около 3 лет назад

ELSA-2015-3078

oracle-oval

почти 10 лет назад

ELSA-2015-3078: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 24%

0.00077

Низкий

5.6 Medium

CVSS2