Prevent soft lockup when sctp_accept() is called during a timeout event in kernel-net-sctp CVE-2015-8767 remote

Tracked by Jolla (In progress)

asked 2017-07-03 11:38:42 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-07-03 11:38:42 +0200

lpr gravatar image

Description

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. CVSS v3 Base Score: 7.5 High remote

Patch for kernel 3.4 available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/sctp/sm_sideeffect.c

edit retag flag offensive close delete