From $URL : A local user could use the missing size check in sctp_getsockopt_assoc_stats() function to escalate their privileges. On x86 this might be mitigated by destination object size check as the destination size is known at compile time. Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=726bc6b0 Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=196d6759 Introduced in: v3.8-rc1 References: https://twitter.com/grsecurity/status/309805924749541376 http://grsecurity.net/~spender/sctp.c
Any news on this? For me its completly impossible to use SCTP here: As soon as clvmd connects to dlm and dlm wants to use sctp grsec will panic the system And DLM with TCP instead of SCTP will not work because the system is multihomed... (dlm: TCP protocol can't handle multi-homed hosts, try SCTP) (On hardened with kernel 3.8.3 or 3.7.5 or 3.2.37 ...)
What I have hit was a false positive in grsec which is fixed in the latest grsec patchset. See $URL for more details
There are no longer any 2.x or <3.8 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.