CVE-2015-8767: Race Condition
First published: Mon Jan 11 2016(Updated: )
From the git commit: An deadlock condition can occur when sctp_accept() is called by the local software during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock, preventing sctp sockets from working correctly. The server must be running an service using the sctp protocol to be affected. Resources: <a href="https://patchwork.ozlabs.org/patch/522411/">https://patchwork.ozlabs.org/patch/522411/</a> <a href="https://patchwork.ozlabs.org/patch/522412/">https://patchwork.ozlabs.org/patch/522412/</a> Patch commit notes (net-next.git): <a href="https://kernel.googlesource.com/pub/scm/linux/kernel/git/horms/ipvs/+/635682a14427d241bab7bbdeebb48a7d7b91638e">https://kernel.googlesource.com/pub/scm/linux/kernel/git/horms/ipvs/+/635682a14427d241bab7bbdeebb48a7d7b91638e</a> CVE Request: <a href="http://seclists.org/oss-sec/2016/q1/66">http://seclists.org/oss-sec/2016/q1/66</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.3 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.10 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2016-0715.html
- http://www.debian.org/security/2016/dsa-3448
- http://www.debian.org/security/2016/dsa-3503
- http://www.openwall.com/lists/oss-security/2016/01/11/4
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/80268
- http://www.ubuntu.com/usn/USN-2930-1
- http://www.ubuntu.com/usn/USN-2930-2
- http://www.ubuntu.com/usn/USN-2930-3
- http://www.ubuntu.com/usn/USN-2931-1
- http://www.ubuntu.com/usn/USN-2932-1
- http://www.ubuntu.com/usn/USN-2967-1
- http://www.ubuntu.com/usn/USN-2967-2
- https://access.redhat.com/errata/RHSA-2016:1277
- https://access.redhat.com/errata/RHSA-2016:1301
- https://access.redhat.com/errata/RHSA-2016:1341
- https://bugzilla.redhat.com/show_bug.cgi?id=1297389
- https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e
- https://launchpad.net/bugs/cve/CVE-2015-8767
- https://patchwork.ozlabs.org/patch/522411/
- https://patchwork.ozlabs.org/patch/522412/
- https://kernel.googlesource.com/pub/scm/linux/kernel/git/horms/ipvs/+/635682a14427d241bab7bbdeebb48a7d7b91638e
- http://seclists.org/oss-sec/2016/q1/66
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1298437
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2016-0715.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767
- https://nvd.nist.gov/vuln/detail/CVE-2015-8767
- https://security-tracker.debian.org/tracker/CVE-2015-8767
- https://ubuntu.com/security/CVE-2015-8767
- https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e
- https://www.openwall.com/lists/oss-security/2016/01/11/4
Frequently Asked Questions
What is CVE-2015-8767?
CVE-2015-8767 is a vulnerability in the Linux kernel that allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
How severe is CVE-2015-8767?
CVE-2015-8767 has a severity level of medium.
Which software versions are affected by CVE-2015-8767?
The affected software versions include Linux kernel versions before 4.3.
How can I fix CVE-2015-8767?
To fix CVE-2015-8767, update your Linux kernel to version 4.3 or later.
Where can I find more information about CVE-2015-8767?
You can find more information about CVE-2015-8767 on the following references: [Link 1](https://patchwork.ozlabs.org/patch/522411/), [Link 2](https://patchwork.ozlabs.org/patch/522412/), [Link 3](https://kernel.googlesource.com/pub/scm/linux/kernel/git/horms/ipvs/+/635682a14427d241bab7bbdeebb48a7d7b91638e).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8767
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.10
- package-manager/debian