CVE-2015-1421
6.1 Medium
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.061 Low
EPSS
Percentile
93.5%
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208
lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
rhn.redhat.com/errata/RHSA-2015-0726.html
rhn.redhat.com/errata/RHSA-2015-0751.html
rhn.redhat.com/errata/RHSA-2015-0782.html
rhn.redhat.com/errata/RHSA-2015-0864.html
rhn.redhat.com/errata/RHSA-2015-1082.html
www.debian.org/security/2015/dsa-3170
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8
www.openwall.com/lists/oss-security/2015/01/29/15
www.securityfocus.com/bid/72356
www.securitytracker.com/id/1032172
www.ubuntu.com/usn/USN-2541-1
www.ubuntu.com/usn/USN-2542-1
www.ubuntu.com/usn/USN-2545-1
www.ubuntu.com/usn/USN-2546-1
www.ubuntu.com/usn/USN-2562-1
www.ubuntu.com/usn/USN-2563-1
bugzilla.redhat.com/show_bug.cgi?id=1196581
github.com/torvalds/linux/commit/600ddd6825543962fb807884169e57b580dba208
Social References
More
Related
6.1 Medium
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.061 Low
EPSS
Percentile
93.5%