Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between the same pair of hosts. A remote user/program could use this flaw to crash the system kernel resulting in DoS. Upstream fix: ------------- -> http://patchwork.ozlabs.org/patch/372475/
MITRE assigned CVE-2014-5077 to this issue: http://seclists.org/oss-sec/2014/q3/246
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1123696]
Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=1be9a950c646c9092fb3618197f7b6bfb50e82aa
kernel-3.15.7-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.14.15-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2014:1083 https://rhn.redhat.com/errata/RHSA-2014-1083.html
Statement: This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it doesn't provide support for AUTH chunks. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. This issue has been fixed in Red Hat Enterprise MRG via RHSA-2014:1083.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1392 https://rhn.redhat.com/errata/RHSA-2014-1392.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2014:1668 https://rhn.redhat.com/errata/RHSA-2014-1668.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1724 https://rhn.redhat.com/errata/RHSA-2014-1724.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Via RHSA-2014:1763 https://rhn.redhat.com/errata/RHSA-2014-1763.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Via RHSA-2014:1872 https://rhn.redhat.com/errata/RHSA-2014-1872.html