oss-sec mailing list archives
Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference
From: cve-assign () mitre org
Date: Fri, 25 Jul 2014 22:21:43 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between a same pair of hosts. A remote user/program could use this flaw to crash the system kernel resulting in DoS. http://patchwork.ozlabs.org/patch/372475/
Use CVE-2014-5077 for this issue in the sctp_assoc_update function in net/sctp/associola.c (not yet patched at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/sctp/associola.c). - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJT0xAbAAoJEKllVAevmvmsiHcIAMNXsXM6x1ZWJg76+Cx/KDBu CP2O8uheLuZ6DysmnF0UjN8x9LVSN3QEnKlhohULeohoslSISkiQr7bJLtYodLjA lvugVwmOhSPKiz/5ro8RoTTNNljDY3xGOE4+W+m8ypbTK69Dudqu0gEWe5ipSLWF CzaYajr0uB76jv+i6qaGxfiEClcSkGRbV25uq3t8DFYlNyu9phVTrHk16MzQi3Us 3rST3OviZX2ZVVmx/IP0XuN7HVS6TXCuwA1mAlpXnADLvwQ7UVxr5O9Gvzor3d3M adGp6FZ7cJ28WJICemDct3Y2ELQNJE2H99wsXAhOQf2+VfeHRmEJ42GHNVFh7mI= =RQ8e -----END PGP SIGNATURE-----
Current thread:
- CVE request Linux Kernel: net: SCTP: NULL pointer dereference P J P (Jul 24)
- Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign (Jul 25)
- Re: Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference Daniel Borkmann (Jul 26)
- Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign (Jul 25)