CVE-2022-0322
MEDIUMLinux Kernel < 5.15 - Denial of Service via SCTP Buffer Overflow in sctp_make_strreset_req
Title source: llmDescription
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2042822
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
5.5
EPSS
0.0029
EPSS Percentile
20.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-681
CWE-704
Status
published
Products (6)
fedoraproject/fedora
35
linux/linux_kernel
5.15 (6 CPE variants)
linux/linux_kernel
< 5.15
oracle/communications_cloud_native_core_binding_support_function
22.1.3
oracle/communications_cloud_native_core_network_exposure_function
22.1.1
oracle/communications_cloud_native_core_policy
22.2.0
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026