๐Ÿ” CVE Alert

CVE-2024-50299

MEDIUM 5.5

sctp: properly validate chunk size in sctp_sf_ootb()

CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Nov 19, 2024
Last Updated May 12, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67b9a278b80f71ec62091ded97c6bcbea33b5ec3 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9b5d42aeaf1a52f73b003a33da6deef7df34685f 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 40b283ba76665437bc2ac72079c51b57b25bff9e 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a758aa6a773bb872196bcc3173171ef8996bddf0 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < bf9bff13225baf5f658577f7d985fc4933d79527 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d3fb3cc83cf313e4f87063ce0f3fea76b071567b 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8820d2d6589f62ee5514793fff9b50c9f8101182 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ead60804b64f5bd6999eec88e503c6a1a242d41
Linux / Linux
2.6.12

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/67b9a278b80f71ec62091ded97c6bcbea33b5ec3 git.kernel.org: https://git.kernel.org/stable/c/9b5d42aeaf1a52f73b003a33da6deef7df34685f git.kernel.org: https://git.kernel.org/stable/c/40b283ba76665437bc2ac72079c51b57b25bff9e git.kernel.org: https://git.kernel.org/stable/c/a758aa6a773bb872196bcc3173171ef8996bddf0 git.kernel.org: https://git.kernel.org/stable/c/bf9bff13225baf5f658577f7d985fc4933d79527 git.kernel.org: https://git.kernel.org/stable/c/d3fb3cc83cf313e4f87063ce0f3fea76b071567b git.kernel.org: https://git.kernel.org/stable/c/8820d2d6589f62ee5514793fff9b50c9f8101182 git.kernel.org: https://git.kernel.org/stable/c/0ead60804b64f5bd6999eec88e503c6a1a242d41 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-398330.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-265688.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-355557.html