2797 matches found

Tenable Nessus
added 2 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a paramet...

CVSS 9.1 | AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 4

RedhatCVE
added 5 days ago, 5 views

CVE-2026-53246

A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could exploit this by sending a specially crafted COOKIE_ECHO chunk to a listening SCTP server. The server's failure to properly validate the length of a cached peer INIT chunk within...

CVSS 9.8 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 4

RedhatCVE
added 5 days ago, 5 views

CVE-2026-53225

A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted, truncated ASCONF (Address Configuration) chunk. This can cause the system to read up to 16 bytes of...

CVSS 9.1 | AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 4

NVD
added 5 days ago, 5 views

CVE-2026-53225

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af->from_addr_param(), which reads the full address 1...

CVSS 9.1 | EPSS 0.00544
Exploits: 0 | References: 8

OSV
added 5 days ago, 2 views

UBUNTU-CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctp_unpack_cookie() only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

CVSS 9.1 | AI score 5.7 | EPSS 0.00547
Exploits: 0 | References: 6

EUVD
added 5 days ago, 3 views

EUVD-2026-39197

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing When a listening SCTP server processes a COOKIE_ECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

AI score 6 | EPSS 0.00481
Exploits: 0 | References: 3

CVE
added 5 days ago, 14 views

CVE-2026-53246

CVE-2026-53246 : In the Linux kernel SCTP implementation, a vulnerability exists in how COOKIE_ECHO payloads are processed. The cached peer INIT chunk embedded after the cookie could have its header length inflated without proper validation, allowing the parameter walk (via sctp_walk_params/sctp_...

CVSS 9.8 | AI score 6 | EPSS 0.00481
Exploits: 0 | References: 3

Cvelist
added 5 days ago, 25 views

CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing When a listening SCTP server processes a COOKIE_ECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

CVSS 9.8 | EPSS 0.00481
Exploits: 0 | References: 3

CVE
added 5 days ago, 12 views

CVE-2026-53225

The CVE-2026-53225 entry describes a Linux kernel SCTP vulnerability in __sctp_rcv_asconf_lookup() where an unauthenticated peer can send a truncated ASCONF chunk; the code may read 16 bytes of uninitialized memory past the address parameter when the chunk’s length is misdeclared. Affected compon...

CVSS 9.1 | AI score 5.7 | EPSS 0.00544
Exploits: 0 | References: 8

CVE
added 5 days ago, 10 views

CVE-2026-53224

The vulnerability CVE-2026-53224 affects the Linux kernel SCTP implementation. The issue arises from insufficient validation of embedded INIT chunks and address list lengths in cookies: sctp_unpack_cookie() may accept a truncated INIT chunk, and the subsequent sctp_process_init() could read INIT ...

CVSS 9.1 | AI score 5.7 | EPSS 0.00547
Exploits: 0 | References: 3

Cvelist
added 5 days ago, 26 views

CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af->from_addr_param(), which reads the full address 1...

CVSS 9.1 | EPSS 0.00544
Exploits: 0 | References: 8

Cvelist
added 5 days ago, 24 views

CVE-2026-53224 sctp: validate embedded INIT chunk and address list lengths in cookie

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctp_unpack_cookie() only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

CVSS 9.1 | EPSS 0.00547
Exploits: 0 | References: 3

Tenable Nessus
added 5 days ago, 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: disable BH before calling udp_tunnel_xmit_skb() udp_tunnel_xmit_skb() / udp_tunnel6_xmit_skb() are expected to run with BH disabled. After commit 6f1a9140ecda add xmit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 4

Tenable Nessus
added 5 days ago, 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks() sctp_getsockopt_peer_auth_chunks() checks that the caller's optval buffer is large enough for the pee...

AI score 6 | EPSS 0.00176
Exploits: 0 | References: 4

EUVD
added 6 days ago, 6 views

EUVD-2026-38872

In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks() sctp_getsockopt_peer_auth_chunks() checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...

AI score 6 | EPSS 0.00176
Exploits: 0 | References: 9

ATTACKERKB
added 6 days ago, 4 views

CVE-2026-53070

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udp_tunnel_xmit_skb() udp_tunnel_xmit_skb() / udp_tunnel6_xmit_skb() are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

CVSS 7.5 | AI score 5.7 | EPSS 0.00339
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 6 days ago, 28 views

CVE-2026-53070 sctp: disable BH before calling udp_tunnel_xmit_skb()

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udp_tunnel_xmit_skb() udp_tunnel_xmit_skb() / udp_tunnel6_xmit_skb() are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

CVSS 7.5 | EPSS 0.00339
Exploits: 0 | References: 3

CVE
added 6 days ago, 9 views

CVE-2026-53070

The CVE-2026-53070 issue affects the Linux kernel SCTP over UDP path. It concerns the IPv4/IPv6 sctp_udp_xmit code where xmit_skb() execution must occur with BH disabled; after a recursion-limit change, the context could migrate between CPUs, upsetting the dev_xmit_recursion pairing and potential...

CVSS 7.5 | AI score 5.7 | EPSS 0.00339
Exploits: 0 | References: 3

RedhatCVE
added 6 days ago, 8 views

CVE-2026-52917

A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) diagnostics. When performing a socket diagnostic (sock_diag) lookup, the system may attempt to access memory related to an SCTP association that has already been freed. This can lead to an out-of-bounds read from...

CVSS 7.1 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | References: 4

NVD
added 6 days ago, 6 views

CVE-2026-52917

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free() has marked the association dead and freed its bin...

CVSS 7.1 | EPSS 0.00126
Exploits: 0 | References: 8