CVE-2024-57938

In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53	Patch
https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94	Patch
https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477	Patch
https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d	Patch
https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a	Patch
https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e	Patch
https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::

History

22 Jan 2025, 23:01

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-190
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53 -~~	() https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53 - Patch
References	~~() https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94 -~~	() https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94 - Patch
References	~~() https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477 -~~	() https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477 - Patch
References	~~() https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d -~~	() https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d - Patch
References	~~() https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a -~~	() https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a - Patch
References	~~() https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e -~~	() https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e - Patch
References	~~() https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f -~~	() https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5::::::

21 Jan 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-21 12:15

Updated : 2025-01-22 23:01

NVD link : CVE-2024-57938

Mitre link : CVE-2024-57938

CVE.ORG link : CVE-2024-57938

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

5.5 /10