{
  "threat_severity" : "Moderate",
  "public_date" : "2015-01-11T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: SCTP denial of service during timeout",
    "id" : "1297389",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1297389"
  },
  "cvss" : {
    "cvss_base_score" : "7.1",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-367",
  "details" : [ "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.", "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections from being accepted by the SCTP server running on the system, resulting in a denial of service." ],
  "statement" : "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in the Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-04T00:00:00Z",
    "advisory" : "RHSA-2016:0715",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-573.26.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-06-23T00:00:00Z",
    "advisory" : "RHSA-2016:1301",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-06-23T00:00:00Z",
    "advisory" : "RHSA-2016:1277",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.22.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-06-27T00:00:00Z",
    "advisory" : "RHSA-2016:1341",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.190.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-8767\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8767" ],
  "name" : "CVE-2015-8767",
  "csaw" : false
}