Veracode Vulnerability DatabaseVERACODE:18067Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
Linux kernel is vulnerable to race conditions. This occurs in sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel. If the socket tx buffer is full,a thread is waiting on it to queue more data and meanwhile another thread peels off the association being used by the first thread which allows local users to cause denial of service conditions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kernel | eq | 3.10.0__514.16.2.p7ih.el7 | |
| kernel | eq | 3.10.0__514.16.1.el7 |
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90
www.debian.org/security/2017/dsa-3804
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
www.openwall.com/lists/oss-security/2017/02/14/6
www.securityfocus.com/bid/96222
access.redhat.com/articles/3034221
access.redhat.com/errata/RHSA-2017:1308
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1420276
bugzilla.redhat.com/show_bug.cgi?id=1431197
github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C