Published: 31/08/2015 Updated: 13/02/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Race condition in net/sctp/socket.c in the Linux kernel prior to 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem A local user can exploit this flaw to cause a denial of service due to memory ex ...

The system could be made to crash under certain conditions ...

Several security issues were fixed in the kernel ...

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun A local, unprivileged user could use this flaw to ...

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF) A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket ...

CWE-362 https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4 https://bugzilla.redhat.com/show_bug.cgi?id=1226442 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76082 http://www.debian.org/security/2015/dsa-3329 http://rhn.redhat.com/errata/RHSA-2015-1787.html http://rhn.redhat.com/errata/RHSA-2015-1778.html http://www.ubuntu.com/usn/USN-2719-1 http://www.ubuntu.com/usn/USN-2718-1 http://www.ubuntu.com/usn/USN-2717-1 http://www.ubuntu.com/usn/USN-2716-1 http://www.ubuntu.com/usn/USN-2715-1 http://www.ubuntu.com/usn/USN-2714-1 http://www.ubuntu.com/usn/USN-2713-1 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://www.securitytracker.com/id/1033169 https://support.f5.com/csp/article/K05211147 https://nvd.nist.gov https://www.debian.org/security/./dsa-3329 https://usn.ubuntu.com/2715-1/https://access.redhat.com/security/cve/cve-2015-3212

CVE-2015-3212

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect