SB2025090504 - Improper locking in Linux kernel sctp
Published: September 5, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/03d0cc6889e02420125510b5444b570f4bbf53d5
- https://git.kernel.org/stable/c/1bd5214ea681584c5886fea3ba03e49f93a43c0e
- https://git.kernel.org/stable/c/7d757f17bc2ef2727994ffa6d5d6e4bc4789a770
- https://git.kernel.org/stable/c/cd0e92bb2b7542fb96397ffac639b4f5b099d0cb
- https://git.kernel.org/stable/c/d0194e391bb493aa6cec56d177b14df6b29188d5
- https://git.kernel.org/stable/c/ea094f38d387d1b0ded5dee4a3e5720aa4ce0139
- https://git.kernel.org/stable/c/fc66772607101bd2030a4332b3bd0ea3b3605250
- https://git.kernel.org/stable/c/fd60d8a086191fe33c2d719732d2482052fa6805