18 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux SCTP stack. A blind attacker may be able to terminate an existing SCTP connection by using invalid chunks, provided that the attacker knows the IP addresses and port numbers being used, and that the attacker can send packets with spoofed IP addresses...
CVE-2026-37235
FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sctp: The issue of integer overflow during autoclose operations in sctpassociationinit has been addressed. By default, maxautoclose equals INTMAX / HZ. However, it is possible to set net.sctp.maxautoclose to UINTMAX. There is...
openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20572-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20572-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-39998: scs...
SUSE-SU-2026:21361-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow bsc1252073. - CVE-2025-40253: s390/ctcm: Fix double-kfree bsc1255084. -...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000724)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000724 advisory. The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001094 advisory. Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002161 advisory. Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-415238)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-415238 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctpassociationinit While by default maxautoclose...
net/sctp: Prevent autoclose integer overflow in sctp_association_init()
...
DEBIAN-CVE-2024-57938
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctpassociationinit While by default maxautoclose equals to INTMAX / HZ, one may set net.sctp.maxautoclose to UINTMAX. There is code in sctpassociationinit that can consequently...
AZL-55916 CVE-2024-57938 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctpassociationinit While by default maxautoclose equals to INTMAX / HZ, one may set net.sctp.maxautoclose to UINTMAX. There is code in sctpassociationinit that can consequently...
AZL-55901 CVE-2024-57938 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctpassociationinit While by default maxautoclose equals to INTMAX / HZ, one may set net.sctp.maxautoclose to UINTMAX. There is code in sctpassociationinit that can consequently...
CVE-2024-57938 net/sctp: Prevent autoclose integer overflow in sctp_association_init()
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctpassociationinit While by default maxautoclose equals to INTMAX / HZ, one may set net.sctp.maxautoclose to UINTMAX. There is code in sctpassociationinit that can consequently...
Linux kernel 输入验证错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the sctpassociationinit function in the net/sctp module that could trigger an integer overflow, which could...
Amazon Linux AMI : kernel (ALAS-2023-1688)
The version of kernel installed on the remote host is prior to 4.14.262-135.486. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1688 advisory. 2024-04-30: CVE-2023-0047 was removed from this advisory rejected. 2024-02-01: CVE-2023-0047 was added to this...
SUSE CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
DEBIAN-CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...