Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
An integer overflow vulnerability has been identified in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. The issue arises in the 'sctp_association_init()' function, where the 'max_autoclose' parameter can be set to an excessively high value, leading to an overflow condition. By default, 'max_autoclose' is set to INT_MAX divided by HZ, but it can be manually adjusted to UINT_MAX. This vulnerability allows for unintended behavior in the autoclose mechanism of SCTP associations.
Exploitation of this vulnerability could trigger the integer overflow, potentially causing memory corruption or other unintended consequences that an attacker could abuse.
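The arithmetic behind the description, as an added example that is neither kernel code nor part of the original advisory. It assumes the autoclose value is given in seconds and converted to ticks by multiplying by HZ (inferred from the INT_MAX / HZ default), with HZ taken as 1000 and a 32-bit tick type; all function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 1000u /* assumed tick rate; real kernels set this at build time */

/* Narrow conversion (assumed shape of the bug): the product is computed
 * in 32 bits and wraps silently when secs exceeds UINT32_MAX / HZ. */
static uint32_t autoclose_ticks_narrow(uint32_t secs)
{
    return secs * HZ;
}

/* Widened conversion: promote before multiplying so the product cannot wrap. */
static uint64_t autoclose_ticks_wide(uint32_t secs)
{
    return (uint64_t)secs * HZ;
}

/* Upper bound matching the default the advisory cites: INT_MAX / HZ. */
static uint32_t max_autoclose_default(void)
{
    return (uint32_t)INT_MAX / HZ;
}

/* Clamp a requested value to that bound, as a setter-side check would. */
static uint32_t clamp_autoclose(uint32_t secs)
{
    uint32_t max = max_autoclose_default();
    return secs > max ? max : secs;
}

int main(void)
{
    /* Constructed inputs: the default bound, just past 32-bit range, UINT_MAX. */
    uint32_t samples[] = { max_autoclose_default(), 4294968u, UINT32_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t s = samples[i];
        printf("secs=%u narrow=%u wide=%llu clamped=%u\n",
               (unsigned)s, (unsigned)autoclose_ticks_narrow(s),
               (unsigned long long)autoclose_ticks_wide(s),
               (unsigned)clamp_autoclose(s));
    }
    return 0;
}
```

Under these assumptions a request of 4294968 seconds wraps to 704 ticks, so the timer would fire in under a second instead of after roughly 49 days.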