251 matches found
ALSA-2025:16920 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: netsched: hfsc: Fix a UAF vulnerability in class handling CVE-2025-37797 kernel: firmware: armscpi: Ensure...
CentOS 9 : kernel-5.14.0-617.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-617.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares...
sctp: initialize more fields in sctp_v6_from_sk()
...
AZL-74706 CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly initialized, leading to undefined behavior. Clear sin6scopeid and sin6flowinfo. BUG: KMSAN: uninit-value in sctpv6cmpaddr+0x887/0x8c0...
CVE-2025-39812 sctp: initialize more fields in sctp_v6_from_sk()
In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly initialized, leading to undefined behavior. Clear sin6scopeid and sin6flowinfo. BUG: KMSAN: uninit-value in sctpv6cmpaddr+0x887/0x8c0...
CVE-2022-50243 sctp: handle the error returned from sctp_auth_asoc_init_active_key
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from sctpauthasocinitactivekey, the activekey is actually not updated. The old shkey will be freeed while it's still used as active key in...
sctp: linearize cloned gso packets in sctp_rcv
...
CVE-2025-38718 sctp: linearize cloned gso packets in sctp_rcv
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...
PT-2025-35991
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of cloned GSO Generic Segmentation Offload packets within the SCTP Stream Control Transmission Protocol stack. Specifically, a...
The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the sctp_sf_do_dupcook_a() function in the net/sctp/sm_statefuns.c module of the SCTP protocol implementation in the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the sctpsfdodupcooka function in the net/sctp/smstatefuns.c module of the Linux operating system’s SCTP protocol implementation is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-41399
When a Stream Control Transmission Protocol SCTP profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Avoid Using Uncommon Network Services
Some protocols are seldom used and their communities develop slowly. Therefore, related security issues cannot be quickly resolved. If these protocols are not disabled, attackers may exploit the protocols or code vulnerabilities to launch attacks. Stream Control Transmission Protocol SCTP is used...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an SCTP configuration that results in increased memory resource utilization...
CLSA-2025-1746479711 kernel-uek: Fix of 218 CVEs
sctp: sysctl: authenable: avoid using current-nsproxy - sctp: sysctl: cookiehmacalg: avoid using current-nsproxy CVE-2025-21640 - bpf: Use preemptcount directly in bpfsendsignalcommon - Revert "sctp: sysctl: cookiehmacalg: avoid using current-nsproxy" - jfs: fix slab-out-of-bounds read in eaget -...
SUSE CVE-2025-23142
In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctpsendmsg re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from sctp not clearing outcurr, which could lead to a list deletion error...