Описание
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service.
Отчет
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux Extended Update Support 6.6 | kernel | Affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:0715 | 04.05.2016 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:1301 | 23.06.2016 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:1277 | 23.06.2016 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:1341 | 27.06.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS2
Связанные уязвимости
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not prope ...
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
ELSA-2016-3554: Unbreakable Enterprise kernel security update (MODERATE)
EPSS
7.1 High
CVSS2