Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0 and sctp_ulpevent_make_authkey() returns 0, then the variable ai_ev remains zero and the zero will be dereferenced in the sctp_ulpevent_free() function.
CVSS3: 7
| OS | Vendor version | Errata |
|---|---|---|
| Oracle Linux 8 UEK 6 | 5.4.17-2136.350.3.1.el8uek | ELSA-2025-28049 |
| Debian 11 | 5.10.247-1 | DLA-4404-1 |
| Debian 11 cloud | 5.10.247-1 | DLA-4404-1 |
| Oracle Linux 9 UEK 7 | 5.15.0-315.196.5.1.el9uek | ELSA-2025-28048 |
| Oracle Linux 8 UEK 7 | 5.15.0-315.196.5.1.el8uek | ELSA-2025-28048 |
| Amazon Linux 2023 | 6.1.158-178.288.amzn2023 | ALAS2023-2025-1297 |
| OS | Original kernel version | State |
|---|---|---|
| Oracle Linux 8 UEK 6 | |
Planned |
| Debian 11 | |
Planned |
| Debian 11 cloud | |
Planned |
| Oracle Linux 9 UEK 7 | |
Planned |
| Oracle Linux 8 UEK 7 | |
Planned |
| Amazon Linux 2023 | |
Planned |