CVE-2015-5283
Published: Oct 19, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 | x_refsource_CONFIRM |
| DSA-3372 | vendor-advisory, x_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=1257528 | x_refsource_CONFIRM |
| USN-2826-1 | vendor-advisory, x_refsource_UBUNTU |
| 77058 | vdb-entry, x_refsource_BID |
| SUSE-SU-2015:1727 | vendor-advisory, x_refsource_SUSE |
| SUSE-SU-2015:2194 | vendor-advisory, x_refsource_SUSE |
| https://security-tracker.debian.org/tracker/CVE-2015-5283 | x_refsource_CONFIRM |
| USN-2829-2 | vendor-advisory, x_refsource_UBUNTU |
| USN-2829-1 | vendor-advisory, x_refsource_UBUNTU |
| USN-2823-1 | vendor-advisory, x_refsource_UBUNTU |
| 1033808 | vdb-entry, x_refsource_SECTRACK |
| http://patchwork.ozlabs.org/patch/515996/ | x_refsource_CONFIRM |