CVE-2015-3332

Priority
Medium
Description
A certain backport in the TCP Fast Open implementation for the Linux kernel
before 3.18 does not properly maintain a count value, which allow local
users to cause a denial of service (system crash) via the Fast Open
feature, as demonstrated by visiting the
chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through
3.16.x kernel builds, including longterm-maintenance releases and ckt (aka
Canonical Kernel Team) builds.
Ubuntu-Description
A flaw was discovered in the Linux kernel's IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exploit this flaw to cause a denial of service (system crash).
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3332
http://www.openwall.com/lists/oss-security/2015/04/14/14
http://thread.gmane.org/gmane.linux.network/359588
https://usn.ubuntu.com/usn/usn-2615-1
https://usn.ubuntu.com/usn/usn-2616-1
https://usn.ubuntu.com/usn/usn-2619-1
https://usn.ubuntu.com/usn/usn-2620-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782515
https://launchpad.net/bugs/1447371
Notes
 jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
  not supported on the Ubuntu Touch 14.10 and earlier preview kernels
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 henrix> This CVE is specific to stable kernels between 3.10 and 3.16, so
 henrix> Trusty and Utopic are affected. All other series are not.
Package
Source: linux-lts-trusty (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-lts-quantal (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-53.89)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Patches:
Introduced by 355a901e6cf1b2b763ec85caa2a9f04fbcc4ab4aFixed by local-2015-3332
Package
Source: linux-ti-omap4 (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-lts-raring (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-armadaxp (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-linaro-shared (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-maguro (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-mvl-dove (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-lts-saucy (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-manta (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: linux-ec2 (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-grouper (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-linaro-vexpress (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-qcm-msm (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-lts-vivid (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.19.0-18.18~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-raspi2 (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1014.21)
Package
Source: linux-mako (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: linux-fsl-imx51 (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-linaro-omap (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-lts-utopic (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.16.0-38.52~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-2.6 (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: linux-goldfish (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Source: linux-flo (LP Ubuntu Debian)
Upstream:released (3.19~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2017-12-15 20:34:21 UTC (commit 13913)