SUSE CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

SUSE CVE-2014-4667

The sctpassociationfree function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service socket outage via a crafted SCTP packet...

SUSE CVE-2014-8160

net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with...

SUSE CVE-2017-15115

The sctpdopeeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via crafted syste...

SUSE CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash...

SUSE CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable...

SUSE CVE-2020-6532

Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...

OESA-2022-1941 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the sctpmakestrresetreq function in net/sctp/smmakechunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability...

USN-5162-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...

OESA-2021-1433 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packe...

kernel: Race condition in sctp_destroy_sock list_del

A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

The vulnerability of the WebRTC component in the Google Chrome web browser, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WebRTC component in the Google Chrome web browser is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions through a specially create...

PT-2022-4748 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the sctp make strreset req function in net/sctp/sm make chunk.c in the SCTP network protocol. This issue is related to an attempt to use more buffer than is...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel SCTP, where an attacker may be able to kill an existing SCTP association with an invalid block if the attacker knows the IP...

PT-2021-7751 · Linux +9 · Linux +9

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being...

The vulnerability of Linux operating system kernels, related to deficiencies in input data validation, allows attackers to gain unauthorized access to protected information.

The vulnerability of Linux operating system kernels is related to deficiencies in the validation of input data during the processing of SCTP packets. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

PT-2021-1518 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.14-rc1 Description: The issue is related to insufficient input validation when handling SCTP packets, which may allow a remote attacker to gain unauthorized access to protected information. This could lead to...