PT-2014-1824 · Linux · Linux Kernel
Published 2014-11-10 · Updated 2023-02-13 · CVE-2014-3687
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Linux kernel-bootwrapper-2.6.32 versions 2.6.32
Red Hat Enterprise Linux kernel-kdump-2.6.32 versions 2.6.32
Red Hat Enterprise Linux kernel-kdump-devel-2.6.32 versions 2.6.32
Red Hat Enterprise Linux kernel-debuginfo-common-s390x-2.6.32 versions 2.6.32
Red Hat Enterprise Linux kernel-kdump-debuginfo-2.6.32 versions 2.6.32
Linux kernel versions prior to 3.17.2
Description
The issue affects the Linux kernel and Red Hat Enterprise Linux and allows remote attackers to cause a denial of service or to compromise the confidentiality, integrity, and availability of protected information. The vulnerable code is the sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c: duplicate ASCONF chunks trigger an incorrect uncork within the side-effect interpreter, which leads to a kernel panic.
Recommendations
For Red Hat Enterprise Linux kernel-bootwrapper-2.6.32 version 2.6.32, update to a newer version that contains a fix for this issue.
For Red Hat Enterprise Linux kernel-kdump-2.6.32 version 2.6.32, update to a newer version that contains a fix for this issue.
For Red Hat Enterprise Linux kernel-kdump-devel-2.6.32 version 2.6.32, update to a newer version that contains a fix for this issue.
For Red Hat Enterprise Linux kernel-debuginfo-common-s390x-2.6.32 version 2.6.32, update to a newer version that contains a fix for this issue.
For Red Hat Enterprise Linux kernel-kdump-debuginfo-2.6.32 version 2.6.32, update to a newer version that contains a fix for this issue.
For Linux kernel versions prior to 3.17.2, update to version 3.17.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the sctp_assoc_lookup_asconf_ack function until a patch is available.
Exploit
Fix
DoS
Resource Exhaustion
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu