ID CVE-2015-1421
Summary Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
References
Vulnerable Configurations
  • Linux Kernel 3.18.7
    cpe:2.3:o:linux:linux_kernel:3.18.7
CVSS
Base: 10.0 (as of 16-03-2015 - 10:19)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
redhat via4
advisories
  • bugzilla
    id 1196581
    title CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726005
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726033
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726025
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726017
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726009
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726023
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726031
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726007
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726029
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726027
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726021
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726019
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726013
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726015
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-229.1.2.el7
          oval oval:com.redhat.rhsa:tst:20150726011
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111849018
    rhsa
    id RHSA-2015:0726
    released 2015-03-26
    severity Important
    title RHSA-2015:0726: kernel security and bug fix update (Important)
  • bugzilla
    id 1203359
    title kernel-rt: rebase tree to match RHEL7.1.z source tree
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727005
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727013
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727015
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727011
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727021
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727022
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727007
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727009
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-virt is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727017
        • comment kernel-rt-virt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727018
      • AND
        • comment kernel-rt-virt-devel is earlier than 0:3.10.0-229.1.2.rt56.141.2.el7_1
          oval oval:com.redhat.rhsa:tst:20150727019
        • comment kernel-rt-virt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727020
    rhsa
    id RHSA-2015:0727
    released 2015-03-26
    severity Important
    title RHSA-2015:0727: kernel-rt security and bug fix update (Important)
  • bugzilla
    id 1198109
    title CVE-2014-8171 kernel: memcg: OOM handling DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864005
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864027
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864009
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864015
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864013
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864019
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864025
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-firmware is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864029
        • comment kernel-firmware is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842026
      • AND
        • comment kernel-headers is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864007
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864023
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864021
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment perf is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864017
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:2.6.32-504.16.2.el6
          oval oval:com.redhat.rhsa:tst:20150864011
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111849018
    rhsa
    id RHSA-2015:0864
    released 2015-04-21
    severity Important
    title RHSA-2015:0864: kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2015:0751
  • rhsa
    id RHSA-2015:0782
rpms
  • kernel-0:3.10.0-229.1.2.el7
  • kernel-abi-whitelists-0:3.10.0-229.1.2.el7
  • kernel-bootwrapper-0:3.10.0-229.1.2.el7
  • kernel-debug-0:3.10.0-229.1.2.el7
  • kernel-debug-devel-0:3.10.0-229.1.2.el7
  • kernel-devel-0:3.10.0-229.1.2.el7
  • kernel-doc-0:3.10.0-229.1.2.el7
  • kernel-headers-0:3.10.0-229.1.2.el7
  • kernel-kdump-0:3.10.0-229.1.2.el7
  • kernel-kdump-devel-0:3.10.0-229.1.2.el7
  • kernel-tools-0:3.10.0-229.1.2.el7
  • kernel-tools-libs-0:3.10.0-229.1.2.el7
  • kernel-tools-libs-devel-0:3.10.0-229.1.2.el7
  • perf-0:3.10.0-229.1.2.el7
  • python-perf-0:3.10.0-229.1.2.el7
  • kernel-rt-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-debug-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-debug-devel-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-devel-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-doc-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-trace-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-trace-devel-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-virt-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-rt-virt-devel-0:3.10.0-229.1.2.rt56.141.2.el7_1
  • kernel-0:2.6.32-504.16.2.el6
  • kernel-abi-whitelists-0:2.6.32-504.16.2.el6
  • kernel-bootwrapper-0:2.6.32-504.16.2.el6
  • kernel-debug-0:2.6.32-504.16.2.el6
  • kernel-debug-devel-0:2.6.32-504.16.2.el6
  • kernel-devel-0:2.6.32-504.16.2.el6
  • kernel-doc-0:2.6.32-504.16.2.el6
  • kernel-firmware-0:2.6.32-504.16.2.el6
  • kernel-headers-0:2.6.32-504.16.2.el6
  • kernel-kdump-0:2.6.32-504.16.2.el6
  • kernel-kdump-devel-0:2.6.32-504.16.2.el6
  • perf-0:2.6.32-504.16.2.el6
  • python-perf-0:2.6.32-504.16.2.el6
refmap via4
bid 72356
confirm
debian DSA-3170
mlist [oss-security] 20150129 Re: CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions
sectrack 1032172
suse
  • SUSE-SU-2015:0832
  • SUSE-SU-2015:1478
ubuntu
  • USN-2541-1
  • USN-2542-1
  • USN-2545-1
  • USN-2546-1
  • USN-2562-1
  • USN-2563-1
Last major update 02-01-2017 - 21:59
Published 16-03-2015 - 06:59