CVE-2014-3673: Input Validation
First published: Tue Sep 30 2014(Updated: )
Kernel panic (via skb_over_panic) is encountered when sctp stack receive a malformed asconf chunks. skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768 head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950 end:0x440 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:129! [...] Call Trace: <IRQ> [<ffffffff8144fb1c>] skb_put+0x5c/0x70 [<ffffffffa01ea1c3>] sctp_addto_chunk+0x63/0xd0 [sctp] [<ffffffffa01eadaf>] sctp_process_asconf+0x1af/0x540 [sctp] [<ffffffff8152d025>] ? _read_unlock_bh+0x15/0x20 [<ffffffffa01e0038>] sctp_sf_do_asconf+0x168/0x240 [sctp] ... A remote attacker could use this flaw to crash the system. Acknowledgements: This issue was discovered by Liu Wei of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.12<3.2.64 | |
| Linux Kernel | >=3.3<3.4.107 | |
| Linux Kernel | >=3.5<3.10.61 | |
| Linux Kernel | >=3.11<3.12.34 | |
| Linux Kernel | >=3.13<3.14.25 | |
| Linux Kernel | >=3.15<3.16.35 | |
| Linux Kernel | >=3.17<3.17.4 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise MRG | =2.0 | |
| Ubuntu Linux | =12.04 | |
| Debian GNU/Linux | =7.0 | |
| openSUSE Evergreen | =11.4 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Workstation Extension | =12 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Server | =12 | |
| Oracle Linux | =5 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Ubuntu | =12.04 | |
| Debian | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/62428
- http://www.securityfocus.com/bid/70883
- http://www.debian.org/security/2014/dsa-3060
- http://marc.info/?l=bugtraq&m=142722544401658&w=2
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=1147850
- http://rhn.redhat.com/errata/RHSA-2015-0062.html
- http://rhn.redhat.com/errata/RHSA-2015-0115.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://www.ubuntu.com/usn/USN-2417-1
- http://www.ubuntu.com/usn/USN-2418-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74
- http://linux.oracle.com/errata/ELSA-2014-3087.html
- http://linux.oracle.com/errata/ELSA-2014-3088.html
- http://linux.oracle.com/errata/ELSA-2014-3089.html
- https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- https://launchpad.net/bugs/cve/CVE-2014-3673
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1155727
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2014-1971.html
- https://rhn.redhat.com/errata/RHSA-2014-1997.html
- https://rhn.redhat.com/errata/RHSA-2015-0043.html
- https://rhn.redhat.com/errata/RHSA-2015-0062.html
- https://rhn.redhat.com/errata/RHSA-2015-0115.html
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- http://marc.info/?l=bugtraq&m=142722544401658&w=2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74
- https://security-tracker.debian.org/tracker/CVE-2014-3673
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
- https://nvd.nist.gov/vuln/detail/CVE-2014-3673
- https://ubuntu.com/security/CVE-2014-3673
Frequently Asked Questions
What is the severity of CVE-2014-3673?
CVE-2014-3673 is considered a serious vulnerability as it can lead to a kernel panic when the SCTP stack receives malformed ASCONF chunks.
How do I fix CVE-2014-3673?
To fix CVE-2014-3673, ensure that you update your Linux kernel to versions 5.10.223-1, 5.10.226-1, 6.1.123-1, or later versions that include patches for this vulnerability.
Which systems are affected by CVE-2014-3673?
CVE-2014-3673 affects various versions of the Linux kernel including those between 2.6.12 and 3.17, along with certain versions of Red Hat Enterprise Linux, Ubuntu, Oracle Linux, and SUSE Linux.
What are the potential impacts of CVE-2014-3673?
The potential impacts of CVE-2014-3673 include system instability and crashes due to kernel panic, which can disrupt service and compromise system reliability.
Is there a workaround for CVE-2014-3673?
There is no official workaround for CVE-2014-3673; upgrading the kernel is the recommended approach to mitigate the vulnerability.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-3673
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/event
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/3.3
- version/linux kernel/3.5
- version/linux kernel/3.11
- version/linux kernel/3.13
- version/linux kernel/3.15
- version/linux kernel/3.17
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- canonical/red hat enterprise mrg
- version/red hat enterprise mrg/2.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/opensuse
- canonical/opensuse evergreen
- version/opensuse evergreen/11.4
- vendor/suse
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/12
- canonical/suse linux enterprise workstation extension
- version/suse linux enterprise workstation extension/12
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- version/suse linux enterprise server/11-sp2
- version/suse linux enterprise server/12
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5
- version/oracle linux/6
- version/oracle linux/7
- package-manager/debian
- canonical/ubuntu
- version/ubuntu/12.04
- canonical/debian
- version/debian/7.0