CVE-2014-3687
kernel: net: sctp: fix panic on duplicate ASCONF chunks
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
La función sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de trozos ASCONF duplicados que provocan una liberación incorrecta dentro del intérprete de efectos secundarios.
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-10-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395 | X_refsource_confirm | |
| http://linux.oracle.com/errata/ELSA-2014-3087.html | Third Party Advisory | |
| http://linux.oracle.com/errata/ELSA-2014-3088.html | Third Party Advisory | |
| http://linux.oracle.com/errata/ELSA-2014-3089.html | Third Party Advisory | |
| http://secunia.com/advisories/62428 | Broken Link | |
| http://www.securityfocus.com/bid/70766 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1155731 | 2015-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.27 < 3.2.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 3.2.64" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.4.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.107" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.5 < 3.10.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.61" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.34" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.14.25 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.25" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.15 < 3.16.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.17.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.17.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg" | 2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Desktop Search vendor "Novell" for product "Suse Linux Enterprise Desktop" | 12.0 Search vendor "Novell" for product "Suse Linux Enterprise Desktop" and version "12.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Suse Linux Enterprise Server Search vendor "Novell" for product "Suse Linux Enterprise Server" | 12.0 Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "12.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Evergreen Search vendor "Opensuse" for product "Evergreen" | 11.4 Search vendor "Opensuse" for product "Evergreen" and version "11.4" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension" | 11 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11" | sp3 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Workstation Extension Search vendor "Suse" for product "Linux Enterprise Workstation Extension" | 12 Search vendor "Suse" for product "Linux Enterprise Workstation Extension" and version "12" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | sp2, ltss |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 5 Search vendor "Oracle" for product "Linux" and version "5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 6 Search vendor "Oracle" for product "Linux" and version "6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 7 Search vendor "Oracle" for product "Linux" and version "7" | - |
Affected
| ||||||