CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
92.8%
The sctp_association_free function in net/sctp/associola.c in the Linux
kernel before 3.15.2 does not properly manage a certain backlog value,
which allows remote attackers to cause a denial of service (socket outage)
via a crafted SCTP packet.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-65.131 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-35.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-369.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-35.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1452.72 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2014-4667
nvd.nist.gov/vuln/detail/CVE-2014-4667
security-tracker.debian.org/tracker/CVE-2014-4667
ubuntu.com/security/notices/USN-2332-1
ubuntu.com/security/notices/USN-2333-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
ubuntu.com/security/notices/USN-2336-1
ubuntu.com/security/notices/USN-2337-1
www.cve.org/CVERecord?id=CVE-2014-4667