CVE-2014-4667
Published: 3 July 2014
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
From the Ubuntu security team
An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
Patches: Introduced by de76e695a5ce19c121ba7e246b45f258be678a75 |
||
|
linux-2.6 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.16~rc1)
|
Notes
| Author | Note |
|---|---|
| jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
- https://ubuntu.com/security/notices/USN-2332-1
- https://ubuntu.com/security/notices/USN-2333-1
- https://ubuntu.com/security/notices/USN-2334-1
- https://ubuntu.com/security/notices/USN-2335-1
- https://ubuntu.com/security/notices/USN-2336-1
- https://ubuntu.com/security/notices/USN-2337-1
- NVD
- Launchpad
- Debian