Описание
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.8.0-13.22 |
| hardy | not-affected | |
| lucid | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| quantal | not-affected | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | not-affected | |
| quantal | not-affected | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | not-affected | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | abandoned |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| quantal | ignored | end of life |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | abandoned |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| quantal | ignored | end of life |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | abandoned |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| quantal | ignored | end of life |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | not-affected | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | not-affected | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | abandoned |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| quantal | ignored | end of life |
| upstream | released | 3.9~rc2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | not-affected | |
| precise | not-affected | |
| quantal | not-affected | |
| upstream | released | 3.9~rc2 |
Показывать по
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the L ...
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
EPSS
6.9 Medium
CVSS2