#VU3882 Race condition in Linux kernel


Published: 2016-04-01 | Updated: 2018-04-17

Vulnerability identifier: #VU3882

Vulnerability risk: Low

CVE-ID: CVE-2015-8767

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.

The weakness exists in net/sctp/sm_sideeffect.c due to improper management of the relationship between a lock and a socket. A local attacker can submit a specially crafted sctp_accept call, trigger a race condition and cause the service to crash.

Mitigation
Update to version 4.3.

Vulnerable software versions

Linux kernel: 4.2


External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e

