6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
55.2%
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux
kernel before 3.8.4 does not validate a size value before proceeding to a
copy_from_user operation, which allows local users to gain privileges via a
crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system
call.
Author | Note |
---|---|
seth-arnold | reproducer did nothing on my amd64 precise, quantal, raring VMs |