Vulnetix
Try Vulnetix Request Demo
CVE-2015-1421 PUBLISHED

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

EPSS 10.87% · 93.3th percentile

Risk Scores

EPSS Score
10.87%
93.3th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSlinux-lts-utopic3.16.0-31.41~14.04.1, 3.16.0-31.43~14.04.1, 0
Ubuntu:20.04:LTSlinux-riscv5.4.0-27.31, 5.4.0-26.30, 5.4.0-24.28
Ubuntu:20.04:LTSlinux-raspi20, 5.4.0-1006.6, 5.4.0-1004.4
Ubuntu:18.04:LTSlinux-hwe5.3.0-66.60, 5.3.0-67.61, 5.3.0-68.63
Ubuntu:22.04:LTSlinux-riscv5.13.0-1010.11+22.04.1, 5.15.0-1028.32, 5.15.0-1027.31
Ubuntu:24.04:LTSlinux-lowlatency-hwe-6.110, 6.11.0-1016.17~24.04.1, 6.11.0-1015.16~24.04.2
Ubuntu:24.04:LTSlinux-riscv6.8.0-31.31.1, 6.8.0-41.41.1, 6.8.0-40.40.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:24.04:LTSlinux-gcp-6.116.11.0-1015.15~24.04.1, 6.11.0-1014.14~24.04.1, 6.11.0-1013.13~24.04.1
Ubuntu:18.04:LTSlinux-gcp4.15.0-1028.29, 0, 4.15.0-1001.1
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-23.25~18.04.2, 5.3.0-23.25~18.04.1, 5.3.0-24.26~18.04.2
Ubuntu:20.04:LTSlinux-gke5.4.0-1072.77, 5.4.0-1071.76, 5.4.0-1068.71
Ubuntu:24.04:LTSlinux-realtime0, 6.8.1-1015.16
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:20.04:LTSlinux-gkeop5.4.0-1088.92, 5.4.0-1062.66, 5.4.0-1064.68
Ubuntu:Pro:20.04:LTSlinux-azure-fde-5.155.15.0-1043.50~20.04.1.1, 5.15.0-1042.49~20.04.1.1, 5.15.0-1041.48~20.04.1.1
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1085.90+cvm1.1, 0, 5.4.0-1063.66+cvm2.2
Ubuntu:24.04:LTSlinux-hwe-6.110, 6.11.0-29.29~24.04.1, 6.11.0-28.28~24.04.1
Ubuntu:14.04:LTSlinux3.11.0-12.19, 3.13.0-46.76, 3.13.0-46.75
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35

…and 2 more

Timeline

References

Open in Interactive Console →