CVE-2024-57938

MEDIUM · EPSS 10.8%
CVSS 3.1 base score 5.5 (Medium)
Published Jan 21, 2025 · Last modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init(). While by default max_autoclose equals INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow.
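Worked example (added here; this is not kernel code and not part of the CVE record): the arithmetic that makes this a CWE-190 bug. The autoclose value is a 32-bit count of seconds that becomes a jiffies timeout when multiplied by HZ. If that multiply is evaluated in 32-bit unsigned arithmetic, any seconds value above UINT32_MAX / HZ wraps modulo 2^32, so a very long timeout silently becomes a very short one. That is the description's point: a cap of INT_MAX / HZ keeps the product in range, a sysctl raised toward UINT_MAX does not. HZ_ASSUMED (1000), the function names and the sample inputs are assumptions for this demonstration; the kernel's actual fix is in the commits linked under References.

```c
/*
 * Added example, not kernel code: models the CWE-190 wraparound behind
 * CVE-2024-57938 in user space. HZ_ASSUMED, the function names and the
 * sample values are assumptions for the demonstration.
 */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HZ_ASSUMED 1000u /* assumed timer frequency; a common kernel HZ value */

/* Vulnerable shape: a u32 seconds value times HZ, evaluated in 32-bit
 * unsigned arithmetic. Anything above UINT32_MAX / HZ wraps modulo 2^32. */
uint32_t autoclose_jiffies_wrapping(uint32_t autoclose_sec)
{
    return autoclose_sec * HZ_ASSUMED;
}

/* Hardened shape 1: widen the operand first so the product is computed in
 * 64 bits. Sufficient only where the destination is itself 64 bits wide. */
uint64_t autoclose_jiffies_widened(uint32_t autoclose_sec)
{
    return (uint64_t)autoclose_sec * HZ_ASSUMED;
}

/* Hardened shape 2: refuse values whose product would not fit the
 * destination type (the kernel idiom for this is check_mul_overflow()).
 * Returns false and leaves *out untouched on overflow. */
bool autoclose_jiffies_checked(uint32_t autoclose_sec, uint32_t *out)
{
    if (autoclose_sec > UINT32_MAX / HZ_ASSUMED)
        return false;
    *out = autoclose_sec * HZ_ASSUMED;
    return true;
}

/* Largest seconds value whose jiffies still fit a 32-bit timeout; any
 * admin-settable cap such as max_autoclose must stay at or below this
 * for the 32-bit multiply to be safe. */
uint32_t max_autoclose_that_fits_u32(void)
{
    return UINT32_MAX / HZ_ASSUMED;
}

int main(void)
{
    /* Constructed inputs: a default-style cap of INT_MAX / HZ, one second
     * past the first wrap point for HZ 1000, and the UINT_MAX the
     * description says the sysctl may be raised to. */
    const uint32_t samples[] = { INT_MAX / HZ_ASSUMED, 4294968u, UINT32_MAX };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t checked = 0;
        bool ok = autoclose_jiffies_checked(samples[i], &checked);

        printf("autoclose=%u s: wrapping=%u jiffies, widened=%llu jiffies, checked=%s\n",
               samples[i],
               autoclose_jiffies_wrapping(samples[i]),
               (unsigned long long)autoclose_jiffies_widened(samples[i]),
               ok ? "accepted" : "rejected");
    }
    printf("largest autoclose that fits u32 jiffies at HZ=%u: %u s\n",
           HZ_ASSUMED, max_autoclose_that_fits_u32());
    return 0;
}
```

Compile with any C99 compiler and run. With HZ 1000, an autoclose of 4294968 seconds (about 49.7 days) wraps to 704 jiffies, under a second, while the default-sized 2147483 is unaffected and the widened or checked forms never produce a small value from a large input. Reaching the wrap requires an administrator to have raised net.sctp.max_autoclose above its INT_MAX / HZ default first, consistent with the local, low-privilege, availability-only vector (AV:L/PR:L/A:H) given below.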

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 10.8% percentile
Exploit & Patch Status: No Known Exploit · Patch Available

Weaknesses (1)

CWE-190: Integer Overflow or Wraparound (Numeric Error)

Affected Products (11 entries)

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥ 3.13  –  < 5.4.289
linux    linux_kernel   *         ≥ 5.5   –  < 5.10.233
linux    linux_kernel   *         ≥ 5.11  –  < 5.15.176
linux    linux_kernel   *         ≥ 5.16  –  < 6.1.124
linux    linux_kernel   *         ≥ 6.2   –  < 6.6.70
linux    linux_kernel   *         ≥ 6.7   –  < 6.12.9
linux    linux_kernel   6.13      any (five identical entries on the source page)

References (9)

  • git.kernel.org https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53 (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94 (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477 (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e (Patch)
  • git.kernel.org https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f (Patch)
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • Upgrade to a kernel at or above the first fixed release of your stable series: 5.4.289, 5.10.233, 5.15.176, 6.1.124, 6.6.70 or 6.12.9 (the upper bounds of the affected ranges above), or a 6.13 build that carries the fix. Debian users should follow the two debian-lts-announce advisories listed under References.
  • If you build your own kernel, the seven git.kernel.org stable commits listed under References are the per-branch backports of the same fix.
  • Until patched, do not raise net.sctp.max_autoclose above its default of INT_MAX / HZ: the description states that the overflow becomes reachable once the sysctl is set toward UINT_MAX. With the sctp module loaded, the current value can be read with `sysctl net.sctp.max_autoclose`.