Your submission was sent successfully! Close

CVE-2011-2482

Published: 8 June 2013

A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.

Notes

AuthorNote
apw
this bug was introduced by a flawed backport of commit
ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d to the RHEL kernel, this
was mainlined in v2.6.21 and therefore no existing release has this
backported
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

upstream Not vulnerable

linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

upstream Not vulnerable

linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream Not vulnerable

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream Not vulnerable

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream Not vulnerable

linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Does not exist

upstream Not vulnerable

linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Not vulnerable

natty Not vulnerable

upstream Not vulnerable