Bird_banner_small4
Linux Kernel SCTP sctp_sf_ootb Out of Bounds Read
TSL ID TSL20161128-04
CVE ID(s) CVE-2016-9555
Severity High
Description

A denial of service vulnerability has been reported in the SCTP networking module of the Linux kernel. The vulnerability is due to an error while processing crafted SCTP chunks, leading to out-of-bounds memory access in sctp_sf_ootb().

A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SCTP packets to a vulnerable system. A successful exploitation will result in system crash.

The vendor has released an advisory and patch regarding this vulnerability:

https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6

Affected Products
  • Linux Kernel Project Kernel mainline prior to bf911e985d6bbaa328c20c3e05f4eb03de11fdd6
CVSS Score Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
SecurityTracker
References https://bugzilla.redhat.com/show_bug.cgi?id=1397930
https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6
https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk
Related Threats