Vulnerability Details: CVE-2015-3212
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
Vulnerability category: Denial of service
Products affected by CVE-2015-3212
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3212
0.08%: Probability of exploitation activity in the next 30 days
~ 20%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3212
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2015-3212
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3212
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2
Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1226442
1226442 – (CVE-2015-3212) CVE-2015-3212 kernel: SCTP race condition allows list corruption and panic from userlevel
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4
kernel/git/torvalds/linux.git - Linux kernel source tree
Vendor Advisory
-
https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4
sctp: fix ASCONF list handling · torvalds/linux@2d45a02 · GitHub
Vendor Advisory
-
http://www.ubuntu.com/usn/USN-2715-1
USN-2715-1: Linux kernel (Trusty HWE) vulnerability | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
[security-announce] SUSE-SU-2015:1324-1: important: Security update for
-
https://support.f5.com/csp/article/K05211147
-
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
[security-announce] openSUSE-SU-2015:1382-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2719-1
USN-2719-1: Linux kernel vulnerability | Ubuntu security notices
-
http://www.debian.org/security/2015/dsa-3329
Debian -- Security Information -- DSA-3329-1 linux
-
http://rhn.redhat.com/errata/RHSA-2015-1778.html
RHSA-2015:1778 - Security Advisory - Red Hat Customer Portal
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://rhn.redhat.com/errata/RHSA-2015-1787.html
RHSA-2015:1787 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2716-1
USN-2716-1: Linux kernel vulnerability | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2717-1
USN-2717-1: Linux kernel (Utopic HWE) vulnerability | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2713-1
USN-2713-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/76082
Linux Kernel CVE-2015-3212 Local Security Bypass Vulnerability
-
http://www.ubuntu.com/usn/USN-2714-1
USN-2714-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2718-1
USN-2718-1: Linux kernel (Vivid HWE) vulnerability | Ubuntu security notices
-
http://www.securitytracker.com/id/1033169
Linux Kernel SCTP Race Condition Lets Local Users Cause a Kernel Panic - SecurityTracker