CVE-2014-5077

Impact:
Important
Public Date:
2014-07-17
CWE:
CWE-476
Bugzilla:
1122982: CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

Find out more about CVE-2014-5077 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it doesn't provide support for AUTH chunks.

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. This issue has been fixed in Red Hat Enterprise MRG via RHSA-2014:1083.

CVSS v2 metrics

Base Score 7.1
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2014:1724 2014-10-28
Red Hat Enterprise Linux 6 (kernel) RHSA-2014:1392 2014-10-13
MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2014:1083 2014-08-20
Red Hat Enterprise Linux Extended Update Support 6.4 (kernel) RHSA-2014:1872 2014-11-18
Red Hat Enterprise Linux Extended Update Support 6.5 (kernel) RHSA-2014:1668 2014-10-23
Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) RHSA-2014:1763 2014-10-30

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Affected
Red Hat Enterprise Linux 5 kernel Not affected

Mitigation

Last Modified