PT-2014-1825 · Linux+5 · Linux Kernel+5

Published

2014-10-24

·

Updated

2023-02-13

·

CVE-2014-3688

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux kernel versions 2.6.32 Linux kernel versions prior to 3.17.4
Description The issue concerns multiple vulnerabilities in the Linux kernel, specifically affecting Red Hat Enterprise Linux. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The vulnerabilities are related to the SCTP implementation in the Linux kernel, which can cause a denial of service due to memory consumption when a large number of chunks are triggered in an association's output queue.
Recommendations For Red Hat Enterprise Linux kernel version 2.6.32, update to a version that includes the fix for these vulnerabilities. For Linux kernel versions prior to 3.17.4, update to version 3.17.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2014-2381
ALT-PU-2015-1794
BDU:2015-06243
BDU:2015-06250
BDU:2015-06263
BDU:2015-06264
BDU:2015-06265
CESA-2014_1971
CESA-2014_1997
CVE-2014-3688
DLA-118-1
DSA-3060-1
OPENSUSE-SU-2014_1677-1
OPENSUSE-SU-2014_1678-1
RHSA-2014:1971
RHSA-2014:1997
RHSA-2014_1971
RHSA-2014_1997
RHSA-2015:0043
RHSA-2015:0062
RHSA-2015:0115
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2018:2062-1
SUSE-SU-2018:2177-1
SUSE-SU-2018_2062-1
USN-2417-1
USN-2418-1
USN-2441-1
USN-2442-1
USN-2445-1
USN-2446-1
USN-2447-1
USN-2447-2
USN-2448-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu