CVE-2025-40331

Summary

In the Linux kernel, the following vulnerability has been resolved:

sctp: Prevent TOCTOU out-of-bounds write

For the following path not holding the sock lock,

sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()

make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use).

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < b106a68df0650b694b254427cd9250c04500edd3affected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 3006959371007fc2eae4a078f823c680fa52de1aaffected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 72e3fea68eac8d088e44c3dd954e843478e9240eaffected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 584307275b2048991b2e8984962189b6cc0a9b85affected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < c9119f243d9c0da3c3b5f577a328de3e7ffd1b42affected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 2fe08fcaacb7eb019fa9c81db39b2214de216677affected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 89eac1e150dbd42963e13d23828cb8c4e0763196affected
LinuxLinux8f840e47f190cbe61a96945c13e9551048d42cef < 95aef86ab231f047bb8085c70666059b58f53c09affected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux5.4.302 <= 5.4.*unaffected
LinuxLinux5.10.247 <= 5.10.*unaffected
LinuxLinux5.15.197 <= 5.15.*unaffected
LinuxLinux6.1.159 <= 6.1.*unaffected
LinuxLinux6.6.117 <= 6.6.*unaffected
LinuxLinux6.12.58 <= 6.12.*unaffected
LinuxLinux6.17.8 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References