SB2025100527 - Improper locking in Linux kernel sctp
Published: October 5, 2025 Updated: October 27, 2025
Security Bulletin ID
SB2025100527
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2023-53590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_sched_prio_new_head(), sctp_sched_prio_get_head(), sctp_sched_prio_set() and sctp_sched_prio_init_sid() functions in net/sctp/stream_sched_prio.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/03c3a5584a0a29821e59b7834635ce823050caaa
- https://git.kernel.org/stable/c/68ba44639537de6f91fe32783766322d41848127
- https://git.kernel.org/stable/c/6d529928ea212127851a2df8c40d822237ca946b
- https://git.kernel.org/stable/c/8ee401f89cdb10f39098c0656d695b2bc4052100
- https://git.kernel.org/stable/c/bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
- https://git.kernel.org/stable/c/cec326443f01283ef68ea00c06ea073b1835a562
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.235