Linux Kernel Null Dereference Vulnerability in SCTP Event Handling

Vulnerability

A null dereference vulnerability has been identified in the Linux kernel's handling of SCTP (Stream Control Transmission Protocol) events. This issue arises in the function 'sctp_sf_do_5_1D_ce' within the SCTP state management file. The vulnerability occurs when 'new_asoc->peer.adaptation_ind' is 0, 'sctp_ulpevent_make_authkey' is 0, and the 'sctp_ulpevent_make_authkey' function returns 0. Under these conditions, the variable 'ai_ev' remains zero, leading to a null dereference when 'ai_ev' is passed to the 'sctp_ulpevent_free' function.
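The cleanup pattern described above, as an added example that is not the kernel's code or part of the original advisory: a user-space model in which the optional event is only created when 'adaptation_ind' is nonzero, but the failure path for the auth-key event frees it anyway. The names event_make, event_free, handle_cookie_echo and the 'guarded' flag are hypothetical, and the model counts the NULL dereference instead of faulting so that both cleanup variants can be compared.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins; none of this is kernel code. */
struct event { int kind; };
static int live_events;   /* allocated and not yet freed */
static int null_derefs;   /* frees that would have dereferenced NULL */

static struct event *event_make(int kind, bool fail)
{
    struct event *ev = fail ? NULL : calloc(1, sizeof(*ev));
    if (ev) { ev->kind = kind; live_events++; }
    return ev;
}

/* Models a free routine that assumes a valid pointer. The kernel would
 * fault on the dereference; this model counts it so the run continues. */
static void event_free(struct event *ev)
{
    if (!ev) { null_derefs++; return; }
    live_events--;
    free(ev);
}

/* Models the handler: ai_ev exists only when adaptation_ind != 0, yet the
 * auth-key failure path frees it. 'guarded' selects the checked cleanup. */
static int handle_cookie_echo(int adaptation_ind, bool authkey_fails, bool guarded)
{
    struct event *ai_ev = NULL, *auth_ev;

    if (adaptation_ind && !(ai_ev = event_make(1, false)))
        return -1;
    auth_ev = event_make(2, authkey_fails);
    if (!auth_ev) {
        if (!guarded || ai_ev)      /* unguarded: frees ai_ev blindly */
            event_free(ai_ev);
        return -1;
    }
    event_free(auth_ev);   /* success: a real handler would queue these */
    if (ai_ev)
        event_free(ai_ev);
    return 0;
}

int main(void)
{
    handle_cookie_echo(0, true, false);  /* the page's conditions, unguarded */
    return null_derefs == 1 ? 0 : 1;
}
```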

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

To reproduce this vulnerability, create a new association in SCTP where the 'adaptation_ind' is set to 0. Ensure that the 'sctp_ulpevent_make_authkey' function is configured to return 0. Under these conditions, the 'ai_ev' variable will remain zero, and when it is dereferenced in the 'sctp_ulpevent_free' function, it will cause a null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the distribution's documentation.

Added: Nov 12, 2025, 10:48 PM
Updated: Nov 12, 2025, 10:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.