FS#41329 - [linux-lts] 3.14.x net: SCTP: NULL pointer dereference

Attached to Project: Arch Linux
Opened by Mark E. Lee (bluerider) - Thursday, 24 July 2014, 16:47 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Wednesday, 13 August 2014, 08:44 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Andreas Radke (AndyRTR), Bartłomiej Piotrowski (Barthalion)
Architecture: All
Severity: High
Priority: Normal
Reported Version
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description:

From OSS Security:
Hello,

Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between the same pair of hosts.

A remote user/program could use this flaw to crash the system kernel resulting in DoS.

Upstream fix:
-------------
-> http://patchwork.ozlabs.org/patch/372475/


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Closed by  Bartłomiej Piotrowski (Barthalion)
Wednesday, 13 August 2014, 08:44 GMT
Reason for closing:  Fixed
Additional comments about closing:  linux-lts 3.14.16-2
Comment by Daniel Micay (thestinger) - Monday, 04 August 2014, 18:12 GMT
This is fixed in 3.16, but 3.14.15 still appears to be vulnerable.
