CVE-2014-8160

Description

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

How to fix CVE-2014-8160

To remediate CVE-2014-8160, upgrade the affected package to a fixed version below.

• Debian/linux—upgrade to 3.16.7-ckt4-1 or later

Is CVE-2014-8160 being exploited?

Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 3.16.7-ckt4-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-8160