CVE-2015-1421
CVE-2015-1421
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0726.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0751.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0782.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0864.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1082.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1196581https://github.com/torvalds/linux/commit/600ddd6825543962fb807884169e57b580dba208http://www.debian.org/security/2015/dsa-3170http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8