An integer overflow vulnerability has been reported in the sctp_setsockopt() system call of the Linux kernel. The issue is in the code that handles the SCTP_SOCKOPT_DEBUG_NAME socket option, in the sctp_setsockopt() function of the net/sctp/socket.c source file, and is due to insufficient validation of user-supplied integer values. The vulnerability may result in the allocation of a 32 or 64 byte chunk in kernel memory space, likely leading to a kernel panic on a subsequent copy-into-memory operation. However, the issue may also potentially be exploited to compromise the system. This vulnerability is reported to affect Linux kernel versions up to and including version 2.4.25.
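The following user-space C model is an added example, not the kernel's source and not code from the original advisory; it shows how an unvalidated signed length can yield a minimum-size allocation while the later copy uses a huge length, next to a bounds-checked form. The function names, the `+ 1` for a terminator and the `OPT_MAX_LEN` bound are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define OPT_MAX_LEN 256 /* assumed upper bound for this model */

/* Unchecked pattern (assumed): allocation size derived from a signed,
 * caller-supplied length. Unsigned arithmetic models the wrap without
 * relying on undefined signed overflow. For optlen == -1 the result is 0,
 * which an allocator rounds up to its smallest chunk. */
size_t unchecked_alloc_size(int optlen)
{
    return (size_t)((unsigned int)optlen + 1u);
}

/* The copy that follows uses the original length converted to size_t,
 * so a negative value becomes an enormous byte count. */
size_t unchecked_copy_len(int optlen)
{
    return (size_t)optlen;
}

/* Hardened form: reject negative and oversized lengths before any size
 * arithmetic, then allocate and copy using the same validated value.
 * Returns 0 and a NUL-terminated heap copy in *out, or -1 on rejection. */
int copy_option(const void *optval, int optlen, char **out)
{
    if (optval == NULL || out == NULL)
        return -1;
    if (optlen < 0 || optlen > OPT_MAX_LEN)
        return -1;

    size_t n = (size_t)optlen;
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return -1;

    memcpy(buf, optval, n);
    buf[n] = '\0';
    *out = buf;
    return 0;
}
```
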