Published: 03/07/2014 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The sctp_association_free function in net/sctp/associola.c in the Linux kernel prior to 3.15.2 does not properly manage a certain backlog value, which allows remote malicious users to cause a denial of service (socket outage) via a crafted SCTP packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
suse linux enterprise desktop 11
suse linux enterprise server 11
suse linux enterprise real time extension 11
suse linux enterprise server 10
canonical ubuntu linux 12.04
debian debian linux 7.0

Debian Bug report logs - #728705 gdb fails on s390x with "Couldn't write registers: Invalid argument" Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: gdb Reported by: Thibaut Paumard <thibaut@debianorg> Date: Mon, 4 Nov 2013 13:45:02 UTC Severity: importa ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3534 Martin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the psw mask value On s390 systems, an unprivileged local user could use this flaw to set address space ...

Several security issues were fixed in the kernel ...

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made ...

NVD-CWE-noinfo https://bugzilla.redhat.com/show_bug.cgi?id=1113967 https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee http://www.openwall.com/lists/oss-security/2014/06/27/11 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 http://www.securityfocus.com/bid/68224 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://www.debian.org/security/2014/dsa-2992 http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://secunia.com/advisories/60596 http://secunia.com/advisories/59790 http://linux.oracle.com/errata/ELSA-2014-3069.html http://linux.oracle.com/errata/ELSA-2014-3068.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728705 https://usn.ubuntu.com/2335-1/https://access.redhat.com/security/cve/cve-2014-4667 https://www.debian.org/security/./dsa-2992

CVE-2014-4667

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect