{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-08T19:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-2717-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2717-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2"}, {"name": "USN-2713-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2713-1"}, {"name": "USN-2718-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2718-1"}, {"name": "RHSA-2015:1778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html"}, {"name": "USN-2714-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2714-1"}, {"name": "1033169", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033169"}, {"name": "SUSE-SU-2015:1324", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"name": "DSA-3329", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3329"}, {"name": "RHSA-2015:1787", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "openSUSE-SU-2015:1382", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226442"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"name": "76082", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76082"}, {"name": "USN-2716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2716-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"name": "USN-2719-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2719-1"}, {"name": "USN-2715-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2715-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K05211147"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.054Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2717-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2717-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2"}, {"name": "USN-2713-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2713-1"}, {"name": "USN-2718-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2718-1"}, {"name": "RHSA-2015:1778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html"}, {"name": "USN-2714-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2714-1"}, {"name": "1033169", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033169"}, {"name": "SUSE-SU-2015:1324", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"name": "DSA-3329", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3329"}, {"name": "RHSA-2015:1787", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "openSUSE-SU-2015:1382", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"name": "76082", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76082"}, {"name": "USN-2716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2716-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"name": "USN-2719-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2719-1"}, {"name": "USN-2715-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2715-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K05211147"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3212", "datePublished": "2015-08-31T10:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D92D85-11F9-4996-B1D5-4494D0E36F3C", "versionEndIncluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls."}, {"lang": "es", "value": "Vulnerabilidad de condici\u00f3n de carrera en net/stcp/socket.c en el kernel de Linux en versiones anteriores a 4.1.2, permite a usuarios locales causar una denegaci\u00f3n de servicio (lista corrupta y p\u00e1nico) a trav\u00e9s de una serie de llamadas al sistema relacionadas con sockets, seg\u00fan lo demostrado por las llamadas setsockopt."}], "id": "CVE-2015-3212", "lastModified": "2023-02-13T00:48:11.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-31T10:59:06.580", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3329"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76082"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033169"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2713-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2714-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2715-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2716-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2717-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2718-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2719-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226442"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K05211147"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat Engineering).", "affected_release": [{"advisory": "RHSA-2015:1788", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-229.14.1.rt56.141.13.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-09-15T00:00:00Z"}, {"advisory": "RHSA-2015:1778", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-229.14.1.ael7b", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-09-15T00:00:00Z"}, {"advisory": "RHSA-2015:1787", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-229.rt56.161.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2015-09-15T00:00:00Z"}], "bugzilla": {"description": "kernel: SCTP race condition allows list corruption and panic from userlevel", "id": "1226442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226442"}, "csaw": false, "cvss": {"cvss_base_score": "5.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "status": "verified"}, "cwe": "CWE-667", "details": ["Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.", "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket."], "name": "CVE-2015-3212", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-06-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3212"], "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.", "threat_severity": "Moderate"}