medium
5.5
CWE
908
Advisory Published
Updated

CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb()

First published: Tue Nov 19 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=2.6.12<4.19.324
Linux Kernel>=4.20<5.4.286
Linux Kernel>=5.5<5.10.230
Linux Kernel>=5.11<5.15.172
Linux Kernel>=5.16<6.1.117
Linux Kernel>=6.2<6.6.61
Linux Kernel>=6.7<6.11.8
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3
Linux Kernel=6.12-rc4
Linux Kernel=6.12-rc5
Linux Kernel=6.12-rc6
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/0ead60804b64f5bd6999eec88e503c6a1a242d41

Remedy

https://git.kernel.org/stable/c/40b283ba76665437bc2ac72079c51b57b25bff9e

Remedy

https://git.kernel.org/stable/c/67b9a278b80f71ec62091ded97c6bcbea33b5ec3

Remedy

https://git.kernel.org/stable/c/8820d2d6589f62ee5514793fff9b50c9f8101182

Remedy

https://git.kernel.org/stable/c/9b5d42aeaf1a52f73b003a33da6deef7df34685f

Remedy

https://git.kernel.org/stable/c/a758aa6a773bb872196bcc3173171ef8996bddf0

Remedy

https://git.kernel.org/stable/c/bf9bff13225baf5f658577f7d985fc4933d79527

Remedy

https://git.kernel.org/stable/c/d3fb3cc83cf313e4f87063ce0f3fea76b071567b

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50299?

    The severity of CVE-2024-50299 has yet to be classified, but it involves a validation issue in the Linux kernel's sctp_sf_ootb() function.

  • How do I fix CVE-2024-50299?

    To fix CVE-2024-50299, ensure your Linux kernel is updated to a version that addresses the size validation issue in sctp_sf_ootb().

  • Which Linux kernel versions are affected by CVE-2024-50299?

    CVE-2024-50299 affects multiple Linux kernel versions ranging from 2.6.12 up to 6.12-rc6.

  • What is the specific nature of the vulnerability in CVE-2024-50299?

    CVE-2024-50299 relates to improper validation of chunk sizes, which could lead to potential exploitation.

  • Is there a public reference for CVE-2024-50299?

    Yes, a public reference for CVE-2024-50299 can be found in the Linux kernel's code commits addressing the vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203