CVE-2017-15115 - Vulncode-DB

CVE-2017-15115 (NVD)

2017-11-15

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Products	Ubuntu_linux, Debian_linux, Linux_kernel, Linux_enterprise_server
Type	Use After Free (CWE-416)
First patch	https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
Patches	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74
Relevant file/s	./net/sctp/socket.c (modified, +4)
Links	• https://usn.ubuntu.com/3581-1/ • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html • https://usn.ubuntu.com/3583-2/ • http://www.securityfocus.com/bid/101877 • https://source.android.com/security/bulletin/pixel/2018-04-01 More/Less (9) • https://usn.ubuntu.com/3582-1/ • https://usn.ubuntu.com/3583-1/ • https://patchwork.ozlabs.org/patch/827077/ • https://usn.ubuntu.com/3581-3/ • https://usn.ubuntu.com/3581-2/ • http://seclists.org/oss-sec/2017/q4/282 • https://usn.ubuntu.com/3582-2/ • https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html • https://bugzilla.redhat.com/show_bug.cgi?id=1513345

linux - Tree: df80cd9b28

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: