Revision history [back]
 | 1 | initial version | posted 2017-07-03 11:38:42 +0200  |
Prevent soft lockup when sctp_accept() is called during a timeout event in kernel-net-sctp CVE-2015-8767 remote
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. CVSS v3 Base Score: 7.5 High remote
Patch for kernel 3.4 available.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/sctp/sm_sideeffect.c