10 matches found
Use-After-Free
kernel-rt is vulnerable to use-after-free. The vulnerability exists in the sctp_assoc_update function in net/sctp/associola.c, which allows an attacker to cause memory corruption resulting in an application crash...
Oracle Linux 7 : kernel (ELSA-2015-0726)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0726 advisory. - infiniband core: Prevent integer overflow in ib_umem_get address arithmetic Doug Ledford 1181177 1179347 CVE-2014-8159 Tenable has extracted the...
CVE-2015-1421
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
Design/Logic Flaw
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
CVE-2015-1421
CVE-2015-1421 is a use-after-free in the Linux kernel SCTP path (sctp_assoc_update in net/sctp/associola.c) that allows a remote attacker to trigger an INIT collision, leading to slab corruption and a kernel panic (DoS) with potentially other impact. Affected condition: kernel versions prior to 3...
CVE-2015-1421
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
Oracle Linux 6 : kernel (ELSA-2014-1392)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1392 advisory. - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094458 CVE-2014-0205 Tenable has extracted the preceding description block direct...
Null pointer dereference
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2014-5077
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...