Unrated severityNVD Advisory· Published Oct 19, 2015· Updated May 6, 2026
CVE-2015-5283
CVE-2015-5283
Description
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
Affected products
19- osv-coords18 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/kgraft-patch-SLE12_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012pkg:rpm/suse/kgraft-patch-SLE12_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
< 3.12.48-52.27.1+ 17 more
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.2
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.1
- (no CPE)range: < 3.12.48-52.27.2
- (no CPE)range: < 3.12.48-52.27.2
- (no CPE)range: < 3.12.48-52.27.2
- (no CPE)range: < 1-2.6
- (no CPE)range: < 1-2.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdExploit
- patchwork.ozlabs.org/patch/515996/nvdExploit
- github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4nvdExploit
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlnvd
- www.debian.org/security/2015/dsa-3372nvd
- www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvd
- www.securityfocus.com/bid/77058nvd
- www.securitytracker.com/id/1033808nvd
- www.ubuntu.com/usn/USN-2823-1nvd
- www.ubuntu.com/usn/USN-2826-1nvd
- www.ubuntu.com/usn/USN-2829-1nvd
- www.ubuntu.com/usn/USN-2829-2nvd
- bugzilla.redhat.com/show_bug.cginvd
- security-tracker.debian.org/tracker/CVE-2015-5283nvd
News mentions
0No linked articles in our index yet.