CVE-2014-4667

Published: Jul 3, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Affected (8)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server · Canonical: Ubuntu Linux · +1 more

Show all products

Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server · Canonical: Ubuntu Linux · Debian: Debian Linux

Linux

1 product

Linux Kernel

Suse

3 products

Linux Enterprise Desktop

Linux Enterprise Real Time Extension

Linux Enterprise Server

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.15.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 11 sp3
Suse Linux Enterprise Real Time Extension	Version 11 sp3
Suse Linux Enterprise Server	Version 10 sp4
Suse Linux Enterprise Server	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

References (36)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee

Source: cve@mitre.org

http://linux.oracle.com/errata/ELSA-2014-3068.html

Source: cve@mitre.org

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-3069.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/59777

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/59790

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60564

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60596

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2014/dsa-2992

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2014/06/27/11

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68224

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2334-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2335-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1113967

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee

Source: cve@mitre.org

PatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee