[v2.5] kernel: net: sctp: inherit auth_capable on INIT collisions (CVE-2014-5077)
Linux kernel built with the support for Stream Control Transmission Protocol (CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between a same pair of hosts.
A remote user/program could use this flaw to crash the system kernel resulting in DoS.
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/246
COMMIT: http://patchwork.ozlabs.org/patch/372475/
COMMIT:
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=1be9a950c646c9092fb3618197f7b6bfb50e82aa
(from redmine: issue id 3269, created on 2014-07-30, closed on 2015-05-07)
- Relations:
- parent #3268