Description: sctp: local DoS: unprivileged user can cause BUG()
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2014970
Notes:
carnil> Likely it is commit a2d859e3fc97 ("sctp: account stream padding
carnil> length for reconf chunk")
carnil> And in case this is the correct fix, are CVE-2021-3894 and
carnil> CVE-2022-0322 duplicates?
carnil> Around 2022-08-23 the CVE has been rejected by the assigning
carnil> CNA as it was a duplicate of CVE-2022-0322:
carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2014970#c17
Bugs:
upstream: released (5.15-rc6) [a2d859e3fc97e79d907761550dbc03ff1b36479c]
5.10-upstream-stable: released (5.10.75) [d84a69ac410f6228873d05d35120f6bdddab7fc3]
4.19-upstream-stable: released (4.19.213) [c57fdeff69b152185fafabd37e6bfecfce51efda]
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.14.16-1)
5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: N/A "Vulnerable code not present"