Lucene search
+L

258 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003359 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

7.5CVSS6.6AI score0.03763EPSS
Exploits4References12
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002072)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002072 advisory. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of...

5CVSS7AI score0.0585EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2026/01/12 9:30 a.m.2 views

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

5.8AI score0.00184EPSS
Exploits0References5
OSV
OSV
added 2026/01/12 12:0 a.m.7 views

ALSA-2026:0444 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing CVE-2025-40240 kernel: libceph: fix potential use-after-free...

6.9AI score0.00218EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000339 advisory. In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the sctpsendmsg function net/sctp/socket.c when handling SCTPSENDALL flag can be...

7.8CVSS7.3AI score0.01129EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-8118

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0 Description A null pointer dereference issue was identified in the SCTP transmit path during SCTP-AUTH key initialization. This occurs when processing an INIT ACK, specifically if sctp auth asoc init active...

5.5CVSS6.2AI score0.00114EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/12/17 7:48 a.m.3 views

kernel: sctp: linearize cloned gso packets in sctp_rcv

A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/09 11:59 a.m.3 views

kernel: sctp: linearize cloned gso packets in sctp_rcv

A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/09 11:59 a.m.15 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS6.6AI score0.01067EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2025/12/09 4:9 a.m.4 views

CVE-2025-40331

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...

5.5AI score0.00209EPSS
Exploits0
OSV
OSV
added 2025/12/09 4:9 a.m.13 views

CVE-2025-40331 sctp: Prevent TOCTOU out-of-bounds write

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...

6.6AI score0.00209EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2025/12/08 9:1 a.m.5 views

sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto

...

7CVSS7AI score0.00189EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/12/06 9:2 a.m.13 views

sctp: avoid NULL dereference when chunk data buffer is missing

...

8.6CVSS7AI score0.00184EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/12/05 12:25 a.m.6 views

SUSE CVE-2025-40240

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

5.5CVSS6.7AI score0.00184EPSS
Exploits0References24
OSV
OSV
added 2025/12/04 4:16 p.m.5 views

UBUNTU-CVE-2025-40240

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

5.8AI score0.00184EPSS
Exploits0References40
CVE
CVE
added 2025/12/04 3:31 p.m.30 views

CVE-2025-40240

In CVE-2025-40240, the Linux kernel SCTP path had a NULL dereference when chunk data buffer was missing. The fix ensures chunk->skb is not dereferenced unless the chunk head indicates a valid skb, by checking frag_list and reordering the replacement of chunk->skb. The outer if() condition g...

6.3AI score0.00184EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2025/11/14 9:2 a.m.4 views

net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()

...

5.5CVSS7AI score0.00207EPSS
Exploits0
EUVD
EUVD
added 2025/11/13 12:30 a.m.3 views

EUVD-2025-150387

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...

5.9AI score0.00207EPSS
Exploits0References9
OSV
OSV
added 2025/11/12 10:15 p.m.5 views

UBUNTU-CVE-2025-40187

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...

5.7AI score0.00207EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990769 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: clear outcurr if all frag chunks of current msg are pruned A crash was reported by Zhen Che...

5.5CVSS5.3AI score0.00183EPSS
Exploits0References4
Rows per page
Query Builder