Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-5283
HistoryOct 19, 2015 - 12:00 a.m.

CVE-2015-5283

2015-10-1900:00:00
ubuntu.com
ubuntu.com
17

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

10.1%

The sctp_init function in net/sctp/protocol.c in the Linux kernel before
4.2.3 has an incorrect sequence of protocol-initialization steps, which
allows local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have finished.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-70.113UNKNOWN
ubuntu15.04noarchlinux< 3.19.0-37.42UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-71.114~precise1UNKNOWN
ubuntu14.04noarchlinux-lts-utopic< 3.16.0-52.71~14.04.1UNKNOWN
ubuntu14.04noarchlinux-lts-vivid< 3.19.0-37.42~14.04.1UNKNOWN

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

10.1%