PT-2015-6098 · Linux+5 · Linux Kernel+5

Ji Jianwen

·

Published

2015-06-30

·

Updated

2023-02-13

·

CVE-2015-3212

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.1.2
Description The issue is related to a race condition in the Linux kernel, specifically in the net/sctp/socket.c file. This condition allows local users to cause a denial of service, resulting in list corruption and panic, by making a rapid series of system calls related to sockets. The setsockopt calls are an example of how this can be demonstrated.
Recommendations For Linux kernel versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to socket-related system calls to minimize the risk of exploitation.

Exploit

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2015-1678
ALT-PU-2015-1849
CESA-2015_1778
CVE-2015-3212
DSA-3329-1
OPENSUSE-SU-2015_1382-1
OPENSUSE-SU-2016_0301-1
RHSA-2015:1778
RHSA-2015:1787
RHSA-2015:1788
RHSA-2015_1778
RHSA-2015_1788
SUSE-SU-2015:1324-1
USN-2713-1
USN-2714-1
USN-2715-1
USN-2716-1
USN-2717-1
USN-2718-1
USN-2719-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu