Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.24 (including) | 3.2.67 (excluding) |
Linux_kernel | Linux | 3.3 (including) | 3.4.107 (excluding) |
Linux_kernel | Linux | 3.5 (including) | 3.10.70 (excluding) |
Linux_kernel | Linux | 3.11 (including) | 3.12.38 (excluding) |
Linux_kernel | Linux | 3.13 (including) | 3.14.34 (excluding) |
Linux_kernel | Linux | 3.15 (including) | 3.16.35 (excluding) |
Linux_kernel | Linux | 3.17 (including) | 3.18.8 (excluding) |