74 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53224
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the...
sctp: purge outqueue on stale COOKIE-ECHO handling
...
SUSE CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A remote attacker could exploit this by sending a specially crafted COOKIEECHO chunk to a listening SCTP server. The server's failure to properly validate the length of a cached peer INIT chunk within...
CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
UBUNTU-CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246
CVE-2026-53246 : In the Linux kernel SCTP implementation, a vulnerability exists in how COOKIE_ECHO payloads are processed. The cached peer INIT chunk embedded after the cookie could have its header length inflated without proper validation, allowing the parameter walk (via sctp_walk_params/sctp_...
EUVD-2026-39197
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
SUSE CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
PT-2026-52341
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SCTP server's processing of COOKIE ECHO chunks. When parsing the cached peer INIT chunk embedded after the cookie, the system fails to validate the chunk header leng...
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
CVE-2026-52924
The CVE-2026-52924 entry describes a Linux kernel SCTP use-after-free vulnerability triggered during Stale COOKIE-ECHO handling. In COOKIE_WAIT transitions, sctp_stream_update() can leave a stale out_curr pointer after rolling back from COOKIE_ECHOED to COOKIE_WAIT, so scheduler paths (FCFS/RR/PR...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
SUSE CVE-2026-23125
In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...
CVE-2026-23125
In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...
CVE-2026-23125
In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...