Vulnerability Details : CVE-2015-8767
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
Vulnerability category: Denial of service
Products affected by CVE-2015-8767
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8767
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~28% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-8767
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 | NIST | |
CWE ids for CVE-2015-8767
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8767
- http://www.ubuntu.com/usn/USN-2930-3
  USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2016:1301
  RHSA-2016:1301 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
  [security-announce] SUSE-SU-2016:0911-1: important: Security update for (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2016:1341
  RHSA-2016:1341 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2930-2
  USN-2930-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
  [security-announce] SUSE-SU-2016:1102-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3448
  Debian -- Security Information -- DSA-3448-1 linux (Third Party Advisory)
- https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e
  sctp: Prevent soft lockup when sctp_accept() is called during a timeo… · torvalds/linux@635682a · GitHub (Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
  [security-announce] SUSE-SU-2016:2074-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2932-1
  USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3503
  Debian -- Security Information -- DSA-3503-1 linux (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1297389
  1297389 – (CVE-2015-8767) CVE-2015-8767 kernel: SCTP denial of service during timeout (Issue Tracking; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2931-1
  USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/01/11/4
  oss-security - CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions. (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
  [security-announce] openSUSE-SU-2016:1008-1: important: Security update (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2967-2
  USN-2967-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  Oracle Linux Bulletin - April 2016 (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
  [SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-0715.html
  RHSA-2016:0715 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2930-1
  USN-2930-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/80268
  Linux Kernel 'sctp/sm_sideeffect.c' Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/USN-2967-1
  USN-2967-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  Oracle Linux Bulletin - July 2016 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2016:1277
  RHSA-2016:1277 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)