Vulnerability identifier: #VU3882
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
Operating systems & Components / Operating system
Vendor: Linux Foundation
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in net/sctp/sm_sideeffect.c due to improper management of the relationship between a lock and a socket. A local attacker can submit a specially crafted sctp_accept call, trigger race condition and cause the service to crash.
Update to version 4.3.
Vulnerable software versions
Linux kernel: 4.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?