PT-2014-1822 · Linux+5 · Linux Kernel+5
Daniel Borkmann
Published: 2014-11-24
Updated: 2023-02-13
CVE-2014-7841
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 3.17.4
kernel-debuginfo-2.6.32 versions 2.6.32
kernel-debug-devel-2.6.32 versions 2.6.32
kernel-doc-2.6.32 versions 2.6.32
kernel-debuginfo-common-i686 versions 2.6.32
kernel-headers-2.6.32 versions 2.6.32
kernel-2.6.32 versions 2.6.32
kernel-debug-debuginfo-2.6.32 versions 2.6.32
kernel-devel-2.6.32 versions 2.6.32
kernel-abi-whitelists-2.6.32 versions 2.6.32
kernel-firmware-2.6.32 versions 2.6.32
kernel-debug-2.6.32 versions 2.6.32
Description
The issue is related to multiple vulnerabilities in the SCTP implementation of the Linux kernel, which can be exploited remotely to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. The sctp_process_param function in net/sctp/sm_make_chunk.c is vulnerable when ASCONF is used. These vulnerabilities can lead to a disruption of confidentiality, integrity, and availability of protected information.
Recommendations
For Linux kernel versions prior to 3.17.4, update to version 3.17.4 or later to resolve the issue.
For kernel-debuginfo-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-debug-devel-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-doc-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-debuginfo-common-i686 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-headers-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-debug-debuginfo-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-devel-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-abi-whitelists-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-firmware-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
For kernel-debug-2.6.32 versions 2.6.32, update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider disabling the sctp_process_param function until a patch is available.
Exploit
Fix
DoS
Integer Overflow
Related identifiers
Affected products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu