Lucene search
+L

258 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SCTPSENDALL path, where sctpsendmsgtoasoc may release the socket lock, causing other threads ...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A null pointer dereference issue was discovered in the SCTP network protocol within the net/sctp/streamsched.c file in the Linux kernel. If the streamin allocation fails, the streamout resource is freed, allowing further access to it. A local user could exploit this vulnerability to crash the...

5.5CVSS6.7AI score0.00209EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Use callrcu to free endpoints This patch delays the endpoint freeing process by calling callrcu, in order to address another use-after-free issue in sctpsockdump: BUG: KASAN: Use-after-free in lockacquire+0x36d9/0x4c20...

5.5CVSS6.3AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: SCTP: Fixed a memory leak in sctpstreamoutqmigrate. When sctpstreamoutqmigrate is called to release resources related to streamouts, the memory pointed to by priohead in the streamout context is not released properly. The details...

5.5CVSS6.2AI score0.0024EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Properly handles tunneled traffic when using GSO fallback for IPV6CSUM. NETIFFIPV6CSUM only indicates support for packet checksum offloading without IPv6 extension headers. Packets with extension headers must rely on...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has security vulnerabilities; these vulnerabilities stem from incorrect packet validation, which leads to infinite recursion when parsing SCTP block parameters. This can result in stack overflows and crashes...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007046 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in...

7.8CVSS5.6AI score0.00151EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007591 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0...

5.6AI score0.00207EPSS
Exploits0References4
OSV
OSV
added 2026/04/06 8:16 a.m.9 views

UBUNTU-CVE-2026-31407

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly...

7.1CVSS5.7AI score0.00169EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 6:42 p.m.8 views

GO-2026-4874 Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core

Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.8 views

PT-2026-29929

Ella Core has a Denial of Service via SCTP connection cleanup deadlock in github.com/ellanetworks/core...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 9:17 p.m.10 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 8:55 p.m.19 views

CVE-2026-33904

Ella Core is a 5G private-network core. In versions prior to 1.7.0, a deadlock in the AMF SCTP notification handler causes the entire AMF control plane to hang, enabling a denial of service when an attacker with access to the N2 interface sends crafted SCTP notifications. Version 1.7.0 adds defer...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/27 8:55 p.m.24 views

CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

6.5CVSS0.00165EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 10:13 p.m.9 views

Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Summary A deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. Impact An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denial of service for all subscribers. Fix Add deferred Radio cleanu...

6.5CVSS5.8AI score0.00165EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/25 4:12 a.m.14 views

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

5.8AI score0.00184EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/17 3:0 p.m.7 views

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

5.8AI score0.00184EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005550 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctpifwdtsnskip Currently, when traversing ifwdtsn skips with...

7.8CVSS6AI score0.00155EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005562)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005562 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: set skstate back to CLOSED if autobind fails in sctplistenstart In sctplistenstart invoked ...

5.5CVSS6.8AI score0.00277EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/14 3:16 p.m.9 views

CVE-2026-23125

In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References31
Rows per page
Query Builder