{
  "threat_severity" : "Moderate",
  "public_date" : "2015-06-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: SCTP race condition allows list corruption and panic from userlevel",
    "id" : "1226442",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1226442"
  },
  "cvss" : {
    "cvss_base_score" : "5.6",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:P/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.", "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket." ],
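  "statement" : "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.\n[Review note: the package_state list in this record marks the Red Hat Enterprise Linux 6 kernel as 'Not affected', which conflicts with the sentence above; confirm the Red Hat Enterprise Linux 6 status against the vendor advisory before relying on either field.]",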
  "acknowledgement" : "This issue was discovered by Ji Jianwen (Red Hat Engineering).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-15T00:00:00Z",
    "advisory" : "RHSA-2015:1788",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-229.14.1.rt56.141.13.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-15T00:00:00Z",
    "advisory" : "RHSA-2015:1778",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-229.14.1.ael7b"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2015-09-15T00:00:00Z",
    "advisory" : "RHSA-2015:1787",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-229.rt56.161.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3212" ],
  "name" : "CVE-2015-3212",
  "csaw" : false
}