| Title | Published | Views | Reporter |
|---|---|---|---|
| Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM | 17 May 2019 16:05 | – | ibm |
| Medium: kernel | 19 Apr 2018 00:00 | – | amazon |
| Amazon Linux AMI : kernel (ALAS-2018-993) | 20 Apr 2018 00:00 | – | nessus |
| CentOS 6 : kernel (CESA-2018:1854) (Spectre) | 22 Jun 2018 00:00 | – | nessus |
| CentOS 7 : kernel (CESA-2018:3083) | 16 Nov 2018 00:00 | – | nessus |
| Debian DLA-1369-1 : linux security update (Spectre) | 3 May 2018 00:00 | – | nessus |
| Debian DSA-4187-1 : linux - security update (Spectre) | 2 May 2018 00:00 | – | nessus |
| Debian DSA-4188-1 : linux - security update (Spectre) | 2 May 2018 00:00 | – | nessus |
| EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260) | 18 Sep 2018 00:00 | – | nessus |
| EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432) | 28 Dec 2018 00:00 | – | nessus |

Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability
======================================================================
1) Affected Software
* Linux Kernel version 4.15.0.
Other versions may also be affected.
======================================================================
2) Severity
Rating: Not critical
Impact: Denial of Service
Where: Local System
======================================================================
3) Description of Vulnerability
Secunia Research has discovered a vulnerability in Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).
An error in the "_sctp_make_chunk()" function
(net/sctp/sm_make_chunk.c) when handling SCTP packet lengths can be
exploited to cause a kernel crash.
The vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0.
Other versions may also be affected.
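
The class of length check at issue, as an added example (not code from the
advisory or from the kernel). It is a user-space model that assumes the
missing validation concerns the total chunk size versus the 16-bit length
field of the SCTP chunk header (RFC 4960); all names and the size cap are
illustrative.

```c
/* User-space model of SCTP chunk sizing (added example, not kernel code). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_HDR_LEN 4u            /* type(1) + flags(1) + length(2), RFC 4960 sec. 3.2 */
#define MAX_CHUNK_LEN (65536u - 4u) /* assumed cap: largest 4-byte-aligned size a 16-bit length can describe */
#define PAD4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

struct chunk {
    uint8_t  type;
    uint8_t  flags;
    uint16_t length; /* header + payload, unpadded; host order in this model */
    size_t   alloc;  /* bytes to reserve: header + payload + padding */
};

/* Unchecked sizing: the 16-bit header length silently wraps for large payloads. */
static uint16_t unchecked_hdr_len(size_t paylen)
{
    return (uint16_t)(CHUNK_HDR_LEN + paylen);
}

/* Checked constructor: 0 on success, -1 if the chunk cannot be represented. */
static int make_chunk(struct chunk *c, uint8_t type, uint8_t flags, size_t paylen)
{
    size_t chunklen;
    if (paylen > SIZE_MAX - CHUNK_HDR_LEN - 3u) /* the addition itself would overflow */
        return -1;
    chunklen = PAD4(CHUNK_HDR_LEN + paylen);
    if (chunklen > MAX_CHUNK_LEN)               /* reject before anything is allocated */
        return -1;
    c->type = type;
    c->flags = flags;
    c->length = (uint16_t)(CHUNK_HDR_LEN + paylen);
    c->alloc = chunklen;
    return 0;
}

int main(void)
{
    size_t sizes[] = { 100, 101, 65528, 65529, 65536 }; /* constructed sample payload sizes */
    struct chunk c;
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int rc = make_chunk(&c, 0, 0, sizes[i]);
        printf("paylen=%zu unchecked_len=%u checked=%s\n", sizes[i],
               (unsigned)unchecked_hdr_len(sizes[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

Without the bound, a 65536-byte payload yields a header length of 4 while
the data behind it is far larger; the checked constructor refuses it.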
======================================================================
4) Solution
Fixed in the source code repository.
https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
======================================================================
5) Time Table
2018/02/07 - Linux Kernel team contacted with vulnerability details.
2018/02/07 - Linux Kernel team advised reporting the vulnerability
publicly via netdev mailing list.
2018/02/07 - Public disclosure of the vulnerability on netdev mailing
list.
2018/02/09 - The vulnerability additionally reported on linux-sctp
mailing list.
2018/02/28 - Release of Secunia Advisory SA81331.
2018/02/28 - Public disclosure of Secunia Research Advisory.
======================================================================
6) Credits
Jakub Jirasek, Secunia Research at Flexera.
Additionally reported by Alexey Kodanev.
# 0day.today [2018-04-08] #