CVE-2017-5986

Source
Severity Medium
Remote No
Type Denial of service
Description
It was reported that in the Linux kernel before version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. This issue may then lead to a segmentation fault resulting in denial of service.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-188 | linux-lts | 4.4.50-1 | 4.9.13-1 | High | Fixed | |
| AVG-186 | linux-zen | 4.9.8-1 | 4.9.11-2 | High | Fixed | |
| AVG-178 | linux | 4.9.8-1 | 4.9.11-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 22 Feb 2017 | ASA-201702-18 | AVG-186 | linux-zen | High | multiple issues |
| 22 Feb 2017 | ASA-201702-17 | AVG-178 | linux | High | multiple issues |
References
https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
http://seclists.org/oss-sec/2017/q1/432