79 matches found
sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
...
SUSE CVE-2026-53225
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
CVE-2026-53225
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted, truncated ASCONF Address Configuration chunk. This can cause the system to read up to 16 bytes of...
CVE-2026-53225
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
UBUNTU-CVE-2026-53225
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
CVE-2026-53225
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
CVE-2026-53225
The CVE-2026-53225 entry describes a Linux kernel SCTP vulnerability in __sctp_rcv_asconf_lookup() where an unauthenticated peer can send a truncated ASCONF chunk; the code may read 16 bytes of uninitialized memory past the address parameter when the chunk’s length is misdeclared. Affected compon...
CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
CVE-2026-53225
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...
Astra Linux – Vulnerability in Linux
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before version 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If the sctpDestroySock function is called without using the socknetsk-sctp.addrwqlock lock, an element...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000929)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000929 advisory. The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000803)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000803 advisory. The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002012)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002012 advisory. The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002182)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002182 advisory. The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002405)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002405 advisory. The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to...
EUVD-2014-3633
Malware in sbrugna...
EUVD-2014-3621
Malware in sbrugna...
SUSE CVE-2024-0639
A denial of service vulnerability due to a deadlock was found in sctpautoasconfinit in net/sctp/socket.c in the Linux kernel's SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...
AZL-33889 CVE-2024-0639 affecting package kernel for versions less than 5.15.148.1-1
A denial of service vulnerability due to a deadlock was found in sctpautoasconfinit in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...
K16016: Linux kernel SCTP vulnerability CVE-2014-7841
Security Advisory Description The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...