5 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the net structure via current is not recommended for various reasons: - Inconsistency: obtaining information from the...
CVE-2025-21638
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
CVE-2025-21638
CVE-2025-21638 - Linux kernel SCTP sysctl auth_enable is fixed. The issue arises from using the current task’s nsproxy via the net structure (current->nsproxy) when reading sctp. sysctl settings, leading to potential NULL pointer dereference if current task is exiting. The fix replaces direct ...
CVE-2025-21638 sctp: sysctl: auth_enable: avoid using current->nsproxy
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
Null pointer dereference
The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...