Linux Kernel SCTP Use-After-Free Vulnerability

Linux Kernel SCTP Use-After-Free Vulnerability

CVE-2015-1421 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.