CVE-2015-8767

MEDIUM

Linux Kernel < 4.3 - Race Condition

Title source: rule

Description

net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.

References (25)

... and 5 more

Scores

CVSS v3 6.2
EPSS 0.0012
EPSS Percentile 31.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-362
Status draft

Affected Products (6)

linux/linux_kernel < 4.3
debian/debian_linux
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Feb 08, 2016
Tracked Since Feb 18, 2026