Bug 515530 (CVE-2014-4667) - Linux kernel: sctp: sk_ack_backlog wrap-around problem (CVE-2014-4667)
Alias: CVE-2014-4667
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Reported: 2014-06-27 15:34 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2022-03-25 22:17 UTC (History)
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-27 15:34:03 UTC
From ${URL}:
Description of the problem:
For a TCP-style socket, while processing the COOKIE_ECHO chunk in
sctp_sf_do_5_1D_ce(), after it has passed a series of sanity checks, a
new association would be created in sctp_unpack_cookie(), but
afterwards, some processing may fail, and sctp_association_free()
will be called to free the previously allocated association. In
sctp_association_free(), the sk_ack_backlog value is decremented for this
socket; since the initial value for sk_ack_backlog is 0, after
the decrement, it will be 65535, a wrap-around problem happens, and
if we want to establish new associations afterward in the same
socket, ABORT would be triggered since sctp deems the accept queue as

A remote attacker can block further connections to the particular SCTP
server socket by sending a specially crafted SCTP packet.

Upstream patch:
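
The wrap-around described in this report, as an added example that is neither part of the original report nor the upstream patch: a userland C model comparing an unconditional decrement on free with a guarded one. All names are hypothetical, the 16-bit counter width is inferred from the report's 0 to 65535 wrap, the limit of 128 is a constructed value, and the guard is this example's own assumption about how to avoid the underflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userland model; every name here is hypothetical, not a kernel identifier. */
struct model_sock {
    uint16_t ack_backlog;     /* unsigned 16-bit: 0 - 1 wraps to 65535 */
    uint16_t max_ack_backlog; /* limit requested through listen() */
};
struct model_assoc {
    struct model_sock *sk;
    bool counted;             /* set once the association was added to the backlog */
};

/* The accept queue counts as full when the counter exceeds the limit. */
static bool acceptq_is_full(const struct model_sock *sk)
{
    return sk->ack_backlog > sk->max_ack_backlog;
}

/* Behaviour described in the report: freeing always decrements. */
static void free_unconditional(struct model_assoc *a)
{
    a->sk->ack_backlog--;
}

/* Guarded variant (an assumption of this example): undo only what was counted. */
static void free_guarded(struct model_assoc *a)
{
    if (a->counted)
        a->sk->ack_backlog--;
}

/* An association is created, fails before it is ever counted, and is freed. */
static struct model_sock fail_before_count(void (*free_fn)(struct model_assoc *))
{
    struct model_sock sk = { .ack_backlog = 0, .max_ack_backlog = 128 };
    struct model_assoc a = { .sk = &sk, .counted = false };
    free_fn(&a);
    return sk;
}

int main(void)
{
    struct model_sock bad = fail_before_count(free_unconditional);
    struct model_sock ok = fail_before_count(free_guarded);
    printf("unconditional: backlog=%u full=%d | guarded: backlog=%u full=%d\n",
           (unsigned)bad.ack_backlog, acceptq_is_full(&bad),
           (unsigned)ok.ack_backlog, acceptq_is_full(&ok));
    return 0;
}
```

In the unconditional case the model socket reports a full accept queue although nothing was ever queued, which matches the socket outage the report describes.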

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 21:49:28 UTC
CVE-2014-4667:
  The sctp_association_free function in net/sctp/associola.c in the Linux
  kernel before 3.15.2 does not properly manage a certain backlog value, which
  allows remote attackers to cause a denial of service (socket outage) via a
  crafted SCTP packet.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:17:45 UTC
Fix in 3.16