CVE-2014-3673

HIGH

Description

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9de7922bc709eee2f609cd01d98aaedc4cf5ea74

http://linux.oracle.com/errata/ELSA-2014-3087.html

http://linux.oracle.com/errata/ELSA-2014-3088.html

http://linux.oracle.com/errata/ELSA-2014-3089.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://marc.info/?l=bugtraq&m=142722450701342&w=2

http://marc.info/?l=bugtraq&m=142722544401658&w=2

http://rhn.redhat.com/errata/RHSA-2015-0062.html

http://rhn.redhat.com/errata/RHSA-2015-0115.html

http://secunia.com/advisories/62428

http://www.debian.org/security/2014/dsa-3060

http://www.securityfocus.com/bid/70883

http://www.ubuntu.com/usn/USN-2417-1

http://www.ubuntu.com/usn/USN-2418-1

https://bugzilla.redhat.com/show_bug.cgi?id=1147850

https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74

Details

Source: MITRE

Published: 2014-11-10

Updated: 2020-08-10

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
124986 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533) | Nessus | Huawei Local Security Checks | high
124804 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480) | Nessus | Huawei Local Security Checks | high
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical
85097 | Oracle Linux 6 : kernel (ELSA-2015-1272) | Nessus | Oracle Linux Local Security Checks | high
83723 | SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1) | Nessus | SuSE Local Security Checks | high
83708 | SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0652-1) | Nessus | SuSE Local Security Checks | high
83702 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1) | Nessus | SuSE Local Security Checks | high
83696 | SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1) | Nessus | SuSE Local Security Checks | high
83665 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1) | Nessus | SuSE Local Security Checks | high
81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high
81158 | RHEL 6 : kernel (RHSA-2015:0115) | Nessus | Red Hat Local Security Checks | high
80878 | RHEL 6 : kernel (RHSA-2015:0062) | Nessus | Red Hat Local Security Checks | high
80507 | RHEL 6 : kernel (RHSA-2015:0043) | Nessus | Red Hat Local Security Checks | high
80250 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 10103) | Nessus | SuSE Local Security Checks | high
80249 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040) | Nessus | SuSE Local Security Checks | high
80168 | Ubuntu 14.10 : linux regression (USN-2448-2) | Nessus | Ubuntu Local Security Checks | high
80167 | Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2447-2) | Nessus | Ubuntu Local Security Checks | high
80153 | openSUSE Security Update : Linux Kernel (openSUSE-SU-2014:1678-1) | Nessus | SuSE Local Security Checks | high
80152 | openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1) | Nessus | SuSE Local Security Checks | high
80099 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216) | Nessus | Scientific Linux Local Security Checks | high
80088 | CentOS 6 : kernel (CESA-2014:1997) | Nessus | CentOS Local Security Checks | high
80072 | RHEL 6 : kernel (RHSA-2014:1997) | Nessus | Red Hat Local Security Checks | high
80070 | Oracle Linux 6 : kernel (ELSA-2014-1997) | Nessus | Oracle Linux Local Security Checks | high
80038 | F5 Networks BIG-IP : Linux kernel SCTP vulnerabilities (K15910) | Nessus | F5 Networks Local Security Checks | high
80034 | Ubuntu 14.10 : linux vulnerabilities (USN-2448-1) | Nessus | Ubuntu Local Security Checks | high
80033 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2447-1) | Nessus | Ubuntu Local Security Checks | high
80032 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2446-1) | Nessus | Ubuntu Local Security Checks | high
80031 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1) | Nessus | Ubuntu Local Security Checks | high
80029 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2442-1) | Nessus | Ubuntu Local Security Checks | high
80028 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-2441-1) | Nessus | Ubuntu Local Security Checks | high
80014 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20141209) | Nessus | Scientific Linux Local Security Checks | high
79876 | CentOS 7 : kernel (CESA-2014:1971) | Nessus | CentOS Local Security Checks | high
79848 | RHEL 7 : kernel (RHSA-2014:1971) | Nessus | Red Hat Local Security Checks | high
79845 | Oracle Linux 7 : kernel (ELSA-2014-1971) | Nessus | Oracle Linux Local Security Checks | high
79735 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3096) | Nessus | Oracle Linux Local Security Checks | high
79610 | Mandriva Linux Security Advisory : kernel (MDVSA-2014:230) | Nessus | Mandriva Local Security Checks | high
79433 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1) | Nessus | Ubuntu Local Security Checks | high
79325 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3089) | Nessus | Oracle Linux Local Security Checks | high
79258 | Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068) | Nessus | Fedora Local Security Checks | high
79243 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3088) | Nessus | Oracle Linux Local Security Checks | high
79242 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3087) | Nessus | Oracle Linux Local Security Checks | high
78814 | Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126) | Nessus | Fedora Local Security Checks | high
78784 | Debian DSA-3060-1 : linux - security update | Nessus | Debian Local Security Checks | high
78715 | Fedora 20 : kernel-3.16.6-202.fc20 (2014-13558) | Nessus | Fedora Local Security Checks | high