476 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000339)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000339 advisory. In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the sctpsendmsg function net/sctp/socket.c when handling SCTPSENDALL flag can be...
PT-2026-8118
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0 Description A null pointer dereference issue was identified in the SCTP transmit path during SCTP-AUTH key initialization. This occurs when processing an INIT ACK, specifically if sctp auth asoc init active...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992273 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from...
kernel: sctp: linearize cloned gso packets in sctp_rcv
A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...
kernel: sctp: linearize cloned gso packets in sctp_rcv
A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...
kernel: sctp: linearize cloned gso packets in sctp_rcv
A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2025-40331
In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...
CVE-2025-40331 sctp: Prevent TOCTOU out-of-bounds write
In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
...
DEBIAN-CVE-2025-40281
In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of-bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...
sctp: avoid NULL dereference when chunk data buffer is missing
...
SUSE CVE-2025-40240
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...
UBUNTU-CVE-2025-40240
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...
CVE-2025-40240
In CVE-2025-40240, the Linux kernel SCTP path had a NULL dereference when chunk data buffer was missing. The fix ensures chunk->skb is not dereferenced unless the chunk head indicates a valid skb, by checking frag_list and reordering the replacement of chunk->skb. The outer if() condition g...
CVE-2025-40240
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible dereference of a null pointer when SCTP handles a missing data buffer...
kernel: sctp: linearize cloned gso packets in sctp_rcv
A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...
kernel: sctp: linearize cloned gso packets in sctp_rcv
A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...
sctp: Fix MAC comparison to be constant-time
...