CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile
10.1%
The sctp_init function in net/sctp/protocol.c in the Linux kernel before
4.2.3 has an incorrect sequence of protocol-initialization steps, which
allows local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have finished.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | linux | < 3.13.0-70.113 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-37.42 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-71.114~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-52.71~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-37.42~14.04.1 | UNKNOWN |
patchwork.ozlabs.org/patch/515996/
launchpad.net/bugs/cve/CVE-2015-5283
nvd.nist.gov/vuln/detail/CVE-2015-5283
security-tracker.debian.org/tracker/CVE-2015-5283
ubuntu.com/security/notices/USN-2797-1
ubuntu.com/security/notices/USN-2823-1
ubuntu.com/security/notices/USN-2826-1
ubuntu.com/security/notices/USN-2829-1
ubuntu.com/security/notices/USN-2829-2
www.cve.org/CVERecord?id=CVE-2015-5283