CVE-2014-5077

Published: Aug 1, 2014Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Affected (16)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server · Redhat: Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus · +1 more

Show all products

Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server · Redhat: Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus · Canonical: Ubuntu Linux

Linux

1 product

Linux Kernel

Suse

3 products

Linux Enterprise Desktop

Linux Enterprise Real Time Extension

Linux Enterprise Server

Redhat

3 products

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Canonical

1 product

Ubuntu Linux

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.24 to 3.2.63
Linux Linux Kernel	From 3.11 to 3.12.27
Linux Linux Kernel	From 3.13 to 3.14.17
Linux Linux Kernel	From 3.15 to 3.15.10
Linux Linux Kernel	From 3.3 to 3.4.103
Linux Linux Kernel	From 3.5 to 3.10.53

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 11 sp3
Suse Linux Enterprise Real Time Extension	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp3

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Eus	Version 6.5
Redhat Enterprise Linux Server Aus	Version 6.2
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.5

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (44)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1083.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1668.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1763.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/59777

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/60430

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/60545

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/60564

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/60744

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/62563

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/07/26/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68881

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030681

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2334-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2335-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2358-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2359-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1122982

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95134

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa

Source: secalert@redhat.com

PatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa