CVE-2024-50299

Published Nov 19, 2024

Last updated a month ago

CVSS medium 5.5

Ubuntu

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Modified
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-908
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-908

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B05C5F00-EA7E-4BC1-8DF1-F469FA05D619",
            "versionEndExcluding": "4.19.324",
            "versionStartIncluding": "2.6.12",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E",
            "versionEndExcluding": "5.4.286",
            "versionStartIncluding": "4.20",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134",
            "versionEndExcluding": "5.10.230",
            "versionStartIncluding": "5.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1",
            "versionEndExcluding": "5.15.172",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E",
            "versionEndExcluding": "6.1.117",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
            "versionEndExcluding": "6.6.61",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
            "versionEndExcluding": "6.11.8",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
            "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
            "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
            "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References