SB2025120882 - Out-of-bounds read in Linux kernel sctp
Published: December 8, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-40281)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can trigger the flaw to crash the kernel, resulting in a denial of service (DoS).
Remediation
Install the kernel update from your vendor. The fix has been backported to the stable kernel trees; the corresponding stable commits are listed under References.
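Until the fixed kernel is installed, hosts that do not use SCTP can keep the affected code out of reach by preventing the sctp module from loading. The script below is an added example, not code from the bulletin or the kernel project; it assumes a Linux host with /proc/modules and /etc/modprobe.d, and that an unprivileged process can otherwise auto-load sctp simply by calling socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP). It checks whether the module is loaded and whether modprobe configuration blocks it.

```shell
#!/bin/sh
# Added example for this bulletin, not code from the kernel project or the
# bulletin itself. Assumptions: a Linux host with /proc/modules,
# /etc/modprobe.d and a standard modprobe. Blocking the sctp module is a
# compensating control only where SCTP is not needed.

# 0 if the config file $1 contains an "install sctp /bin/false" (or
# /bin/true) line. This form also defeats an explicit "modprobe sctp".
sctp_install_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+sctp[[:space:]]+/bin/(false|true)' "$1"
}

# 0 if the config file $1 contains a "blacklist sctp" line. Blacklisting
# only stops alias-based autoload (the net-pf-2-proto-132 alias the kernel
# requests); an explicit modprobe still succeeds, so pair it with install.
sctp_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+sctp([[:space:]]|$)' "$1"
}

# 0 if a /proc/modules-style file (default: the live one) lists sctp.
sctp_loaded() {
    grep -Eqs '^sctp[[:space:]]' "${1:-/proc/modules}"
}

# Summarise the host: one line per finding, always returns 0.
audit_host() {
    if sctp_loaded; then
        echo "sctp: module currently loaded"
    else
        echo "sctp: module not loaded"
    fi
    blocked=no
    for f in /etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        if sctp_install_blocked "$f"; then
            echo "sctp: install directive blocks it in $f"
            blocked=yes
        elif sctp_blacklisted "$f"; then
            echo "sctp: blacklisted (alias autoload only) in $f"
        fi
    done
    [ "$blocked" = yes ] || echo "sctp: not blocked; add 'install sctp /bin/false' to a modprobe.d file if SCTP is unused"
    return 0
}

audit_host
```

If the module is already loaded, adding the modprobe directive does not unload it; unload it explicitly (or reboot) after confirming no SCTP associations exist, and verify afterwards that the module no longer appears in /proc/modules.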
References
- https://git.kernel.org/stable/c/0e0413e3315199b23ff4aec295e256034cd0a6e4
- https://git.kernel.org/stable/c/1534ff77757e44bcc4b98d0196bc5c0052fce5fa
- https://git.kernel.org/stable/c/1cfa4eac275cc4875755c1303d48a4ddfe507ca8
- https://git.kernel.org/stable/c/834e65be429c0fa4f9bb5945064bd57f18ed2187
- https://git.kernel.org/stable/c/aaba523dd7b6106526c24b1fd9b5fc35e5aaa88d
- https://git.kernel.org/stable/c/abb086b9a95d0ed3b757ee59964ba3c4e4b2fc1a
- https://git.kernel.org/stable/c/d0d858652834dcf531342c82a0428170aa7c2675
- https://git.kernel.org/stable/c/ed71f801249d2350c77a73dca2c03918a15a62fe