First published: Thu Sep 02 2021(Updated: )
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
Linux Linux kernel | <5.15.0 | |
Redhat Enterprise Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
Oracle Communications Cloud Native Core Policy | =22.2.0 | |
NetApp E-Series SANtricity OS Controller | =11.0 | |
NetApp E-Series SANtricity OS Controller | =11.0.0 | |
NetApp E-Series SANtricity OS Controller | =11.20 | |
NetApp E-Series SANtricity OS Controller | =11.25 | |
NetApp E-Series SANtricity OS Controller | =11.30 | |
NetApp E-Series SANtricity OS Controller | =11.30.5r3 | |
NetApp E-Series SANtricity OS Controller | =11.40 | |
NetApp E-Series SANtricity OS Controller | =11.40.3r2 | |
NetApp E-Series SANtricity OS Controller | =11.40.5 | |
NetApp E-Series SANtricity OS Controller | =11.50.1 | |
NetApp E-Series SANtricity OS Controller | =11.50.2 | |
NetApp E-Series SANtricity OS Controller | =11.50.2-p1 | |
NetApp E-Series SANtricity OS Controller | =11.60 | |
NetApp E-Series SANtricity OS Controller | =11.60.0 | |
NetApp E-Series SANtricity OS Controller | =11.60.1 | |
NetApp E-Series SANtricity OS Controller | =11.60.3 | |
NetApp E-Series SANtricity OS Controller | =11.70.1 | |
NetApp E-Series SANtricity OS Controller | =11.70.2 | |
Netapp Solidfire \& Hci Management Node | ||
Netapp Solidfire \& Hci Storage Node | ||
Netapp Hci Compute Node | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
Netapp H610c Firmware | ||
Netapp H610c | ||
Netapp H610s Firmware | ||
Netapp H610s | ||
Netapp H615c Firmware | ||
Netapp H615c | ||
All of | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
All of | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
All of | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
All of | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
All of | ||
Netapp H610c Firmware | ||
Netapp H610c | ||
All of | ||
Netapp H610s Firmware | ||
Netapp H610s | ||
All of | ||
Netapp H615c Firmware | ||
Netapp H615c | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: if # echo "install sctp /bin/true" >> /etc/modprobe.d/disable-sctp.conf The system will need to be restarted if the SCTP modules are loaded. In most circumstances, the SCTP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.