CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.0004 Low
Percentile: 9.7%

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an
untrusted length value to limit copying of data from kernel memory, which
allows local users to obtain sensitive information via a crafted
SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
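
The bug class described above, shown as an added user-space model (not the kernel's code and not the upstream patch): a handler that lets the caller's length bound the copy, beside one that bounds it by the object's own size. All struct, function and data names are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; none of these names are kernel symbols. */
struct hmac_list {
    uint16_t num_idents;   /* how many entries of idents[] are valid */
    uint16_t idents[4];
};
struct kmem {              /* stands in for adjacent kernel memory */
    struct hmac_list hmacs;
    char neighbour[16];    /* unrelated data that must never be returned */
};
static const struct kmem SAMPLE = { { 4, { 1, 2, 3, 4 } }, "kernel-secret" };

/* Flawed pattern: the caller-supplied length is the only bound on the copy.
 * In this model user_len must stay <= 24 so the read remains inside kmem. */
long getopt_trusting(const struct kmem *k, void *out, size_t user_len)
{
    const char *src = (const char *)k + offsetof(struct kmem, hmacs.idents);
    memcpy(out, src, user_len);            /* runs past idents[] into neighbour */
    return (long)user_len;
}

/* Hardened pattern: the object's own size bounds the copy. */
long getopt_bounded(const struct kmem *k, void *out, size_t user_len)
{
    size_t count = k->hmacs.num_idents;
    if (count > sizeof k->hmacs.idents / sizeof k->hmacs.idents[0])
        return -EINVAL;                    /* stored count itself is corrupt */
    size_t needed = count * sizeof(uint16_t);
    if (user_len < needed)
        return -EINVAL;                    /* caller's buffer is too small */
    memcpy(out, k->hmacs.idents, needed);  /* never more than the valid data */
    return (long)needed;
}

int main(void)
{
    char out[24] = { 0 };
    getopt_trusting(&SAMPLE, out, 16);
    printf("trusting: bytes 8..15 = \"%.8s\"\n", out + 8);
    memset(out, 0, sizeof out);
    printf("bounded:  returned %ld\n", getopt_bounded(&SAMPLE, out, 16));
    return 0;
}
```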