CVE-2024-57938

Опубликовано: 21 янв. 2025

Источник: redhat

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Affected
Red Hat Enterprise Linux 9	kernel-rt	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=2339121kernel: net/sctp: Prevent autoclose integer overflow in sctp_association_init()

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-57938

CVSS3: 5.5

ubuntu

7 месяцев назад

CVE-2024-57938

CVSS3: 5.5

nvd

7 месяцев назад

CVE-2024-57938

CVSS3: 5.5

msrc

5 месяцев назад

Описание отсутствует

CVE-2024-57938

CVSS3: 5.5

debian

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

GHSA-frp4-f42v-g8xw

CVSS3: 5.5

github

7 месяцев назад

5.5 Medium

CVSS3