CVE-2017-15115

Published: Nov 15, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Affected (13)

Products: Linux: Linux Kernel · Debian: Debian Linux · Suse: Linux Enterprise Server · +1 more

Show all products

Linux: Linux Kernel · Debian: Debian Linux · Suse: Linux Enterprise Server · Canonical: Ubuntu Linux

1 product

1 product

1 product

Linux Enterprise Server

Canonical

1 product

Ubuntu Linux

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.2.96
Linux Linux Kernel	From 3.17 to 3.18.84
Linux Linux Kernel	From 3.19 to 4.1.47
Linux Linux Kernel	From 3.3 to 3.16.51
Linux Linux Kernel	From 4.10 to 4.13.16
Linux Linux Kernel	From 4.2 to 4.4.100
Linux Linux Kernel	From 4.5 to 4.9.65

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11 sp4

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (32)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

Source: secalert@redhat.com

Third Party Advisory

http://seclists.org/oss-sec/2017/q4/282

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://www.securityfocus.com/bid/101877

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1513345

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://patchwork.ozlabs.org/patch/827077/

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://source.android.com/security/bulletin/pixel/2018-04-01

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3581-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3581-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3581-3/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3582-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3582-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3583-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3583-2/

Source: secalert@redhat.com

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74