Back to search
CVE-2015-3332
Published: May 27, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20150414 TCP Fast Open local DoS in some Linux stable branches
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1213951
x_refsource_CONFIRM
DSA-3237
vendor-advisory
x_refsource_DEBIAN
https://bugs.debian.org/782515
x_refsource_CONFIRM
[netdev] 20150414 [stable regression] tcp: make connect() mem charging friendly
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now