PT-2015-1017 · Linux · Linux Kernel
Sun Baoliang · Published 2015-02-17 · Updated 2022-11-03 · CVE-2015-1421
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Linux kernel versions prior to 3.18.8
Ubuntu linux-image-3.16.0
Ubuntu linux-image-3.2.0
Description
The issue concerns multiple vulnerabilities in the Linux kernel, specifically affecting Red Hat Enterprise Linux and Ubuntu. These vulnerabilities can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can cause a denial of service, slab corruption, and panic, or possibly have unspecified other impacts. This is achieved by triggering an INIT collision that leads to improper handling of shared-key data in the `sctp_assoc_update` function in net/sctp/associola.c.
Recommendations
For Red Hat Enterprise Linux kernel versions prior to 3.18.8: Update to version 3.18.8 or later.
For Ubuntu linux-image-3.16.0 and linux-image-3.2.0: Update to a newer version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable `sctp_assoc_update` function until a patch is available.
Exploit
Fix
Related Identifiers
Affected Products
ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu