// For flags

CVE-2015-1421

kernel: net: slab corruption from use after free on INIT collisions

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Vulnerabilidad de uso después de liberación en la función sctp_assoc_update en net/sctp/associola.c en el Kernel de Linux anterior a 3.18.8 permite a atacantes remotos causar una denegación de servicio (corrupción de bloque y pánico) o la posibilidad de tener otro impacto no especificado mediante la provocación de una colisión INIT que lleva al manejo inadecuado de datos de shared-key.

A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-29 CVE Reserved
  • 2015-02-26 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (22)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/01/29/15 Mailing List
http://www.securityfocus.com/bid/72356 Third Party Advisory
http://www.securitytracker.com/id/1032172 Third Party Advisory
https://github.com/torvalds/linux/commit/600ddd6825543962fb807884169e57b580dba208 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0726.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0751.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0782.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0864.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1082.html 2023-11-07
http://www.debian.org/security/2015/dsa-3170 2023-11-07
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8 2023-11-07
http://www.ubuntu.com/usn/USN-2541-1 2023-11-07
http://www.ubuntu.com/usn/USN-2542-1 2023-11-07
http://www.ubuntu.com/usn/USN-2545-1 2023-11-07
http://www.ubuntu.com/usn/USN-2546-1 2023-11-07
http://www.ubuntu.com/usn/USN-2562-1 2023-11-07
http://www.ubuntu.com/usn/USN-2563-1 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1196581 2015-06-09
https://access.redhat.com/security/cve/CVE-2015-1421 2015-06-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.24 < 3.2.67
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 3.2.67"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.3 < 3.4.107
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.107"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.5 < 3.10.70
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.70"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.11 < 3.12.38
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.38"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.13 < 3.14.34
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.34"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.15 < 3.16.35
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.17 < 3.18.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.8"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected