
CVE-2015-5283

Published: 22 Sep 2015
Source: redhat
CVSS2: 4.7
EPSS: Low

Description

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.

Report

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7. Due to the limited security impact the issue is currently not planned to be addressed in Red Hat Enterprise Linux 5 and 6.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 6 | kernel | Will not fix | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2015:2411 | 19.11.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2015:2152 | 19.11.2015 |

Additional information

Status: Moderate
Defect: CWE-476->CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1257528 kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

EPSS

Percentile: 31%
0.00114
Low

4.7 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 9 years ago

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

nvd
more than 9 years ago

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

debian
more than 9 years ago

The sctp_init function in net/sctp/protocol.c in the Linux kernel befo ...

github
about 3 years ago

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

oracle-oval
more than 9 years ago

ELSA-2015-3101: Unbreakable Enterprise kernel security update (IMPORTANT)
