PT-2015-4055 · FreeBSD · FreeBSD

Published: 2015-02-02 · Updated: 2018-10-09 · CVE-2014-8612

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

FreeBSD versions 8.4 before p23

FreeBSD versions 9.3 before p9

FreeBSD versions 10.0 before p17

FreeBSD versions 10.1 before p5

Description

The issue concerns multiple array index errors in the Stream Control Transmission Protocol (SCTP) module. Local users can gain privileges via the stream id passed to the setsockopt function when setting the SCTP_SS_VALUE option. Alternatively, they can read arbitrary kernel memory via the stream id passed to the getsockopt function when getting the SCTP_SS_PRIORITY option.

Recommendations

For FreeBSD version 8.4, update to p23 or later.

For FreeBSD version 9.3, update to p9 or later.

For FreeBSD version 10.0, update to p17 or later.

For FreeBSD version 10.1, update to p5 or later.


Related Identifiers

CVE-2014-8612

Affected Products

FreeBSD