10

CVE-2015-1421

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.24 < 3.2.67
LinuxLinux Kernel Version >= 3.3 < 3.4.107
LinuxLinux Kernel Version >= 3.5 < 3.10.70
LinuxLinux Kernel Version >= 3.11 < 3.12.38
LinuxLinux Kernel Version >= 3.13 < 3.14.34
LinuxLinux Kernel Version >= 3.15 < 3.16.35
LinuxLinux Kernel Version >= 3.17 < 3.18.8
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 13.93% 0.941
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
http://www.securityfocus.com/bid/72356
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032172
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1196581
Third Party Advisory
Issue Tracking