USN-3266-2 linux-hwe vulnerability
USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3265-1 advisory. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause...
USN-3264-1 linux vulnerability
Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash)...
Cisco NetFlow Generation Appliance SCTP decoder denial of service vulnerability
Cisco NetFlow Generation Appliance is a scalable solution from the US company Cisco for achieving traffic visibility in data centers. A denial of service vulnerability exists in the processing of SCTP messages by the SCTP decoder in the Cisco NetFlow Generation Appliance. A remo...
DEBIAN-CVE-2017-6353
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because...
kernel: Slab out-of-bounds access in sctp_sf_ootb()
A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash...
USN-3188-1 linux vulnerability
Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash)...
Linux Kernel Information Disclosure Vulnerability (CNVD-2016-11671)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'sctp_sf_ootb' function of the net/sctp/sm_statefuns.c file in versions of the Linux kernel prior to 4.8.8, which stems from the program's...
UBUNTU-CVE-2016-9555
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data...
Linux operating system vulnerability that allows an attacker to cause a denial of service
Remote users may cause a denial of service (NULL pointer dereference) when using the SCTP network protocol...
kernel: SCTP denial of service during timeout
A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
USN-2932-1 linux-lts-vivid vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...
CVE-2016-1879
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6...
Null pointer dereference
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6...
FreeBSD ICMP v6 SCTP Packet Header Denial of Service Vulnerability
FreeBSD is a set of Unix-like free operating systems from the FreeBSD project, run by the Core Team. A denial of service vulnerability exists in the FreeBSD ICMP v6 SCTP packet header, which arises due to a failure to properly handle the SCTP protocol packet header and is triggered when an...
Wireshark SCTP Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. In Wireshark 2.0.x prior to 2.0.1 and 1.12.x prior to 1.12.9, epan/dissectors/packet-sctp.c in the SCTP parser does not validate the frame pointer, which can be exploited by remote attackers to cause a denial of service (null...
UBUNTU-CVE-2015-8722
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet...
kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic
A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...
USN-2797-1 linux-lts-utopic vulnerabilities
It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service...