A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
| Link | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2000694 | issue tracking third party advisory patch |
| https://ubuntu.com/security/CVE-2021-3772 | third party advisory patch |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df | mailing list patch vendor advisory |
| https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df | third party advisory patch |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | third party advisory mailing list |
| https://www.debian.org/security/2022/dsa-5096 | third party advisory vendor advisory |
| https://www.oracle.com/security-alerts/cpujul2022.html | third party advisory patch |
| https://security.netapp.com/advisory/ntap-20221007-0001/ | third party advisory |