Vulnerabilities

CVE-2015-5283

by Fred · 19/10/2015

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

Date published : 2015-10-19

http://www.securityfocus.com/bid/77058

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4

Similar

Tags: Cybersecurity Alert