CVE-2023-1074 in Linux
Summary
by MITRE • 03/28/2023
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/17/2025
The vulnerability identified as CVE-2023-1074 represents a critical memory leak flaw within the Linux kernel's implementation of the Stream Control Transmission Protocol SCTP which operates at the transport layer of the network stack. This issue manifests when a malicious user initiates a specially crafted networking service that accepts connections from other parties, creating a scenario where the kernel's SCTP implementation fails to properly release allocated memory resources upon connection termination or error conditions. The flaw resides in the kernel's handling of SCTP socket management and connection state cleanup mechanisms, specifically affecting how the system manages memory allocations during the establishment and teardown phases of SCTP connections.
The technical exploitation of this vulnerability occurs through a carefully constructed malicious service that leverages the SCTP protocol to establish connections with unsuspecting clients. When legitimate users connect to this malicious service, the kernel's SCTP implementation repeatedly allocates memory structures to manage the connection state but fails to properly deallocate these resources during normal connection termination or error scenarios. This memory leak accumulates over time as multiple connections are established and torn down, leading to progressive memory exhaustion within the kernel's memory management subsystem. The vulnerability is classified under CWE-401 as a weakness related to improper management of memory allocation and deallocation, specifically manifesting as a failure to release memory resources.
The operational impact of CVE-2023-1074 extends beyond simple resource exhaustion to potentially compromise system stability and availability across multiple attack vectors. Local attackers can leverage this vulnerability to consume system resources progressively, eventually leading to system instability, application crashes, or complete system denial of service. The attack scenario typically involves an attacker running a malicious service that accepts SCTP connections from local or remote users, with the malicious service designed to trigger the memory leak condition through specific connection patterns or error handling scenarios. This vulnerability affects systems running Linux kernel versions that include the SCTP implementation, particularly those in server environments where SCTP services might be exposed to untrusted network connections, making it a significant concern for network infrastructure and service providers.
Mitigation strategies for CVE-2023-1074 should focus on both immediate system hardening and long-term kernel updates to address the root cause. System administrators should implement monitoring for unusual memory consumption patterns and establish connection rate limiting mechanisms to prevent rapid memory exhaustion attacks. The most effective long-term solution involves applying kernel patches that correct the memory management issues within the SCTP implementation, addressing the specific memory leak conditions in the kernel's socket management code. Additionally, network segmentation and firewall rules should be configured to limit exposure to SCTP services, particularly in environments where SCTP is not essential for legitimate operations. Organizations should also consider implementing automated monitoring solutions that can detect memory allocation patterns consistent with this vulnerability, aligning with ATT&CK technique T1499.004 for resource exhaustion attacks. The vulnerability demonstrates the importance of proper memory management practices in kernel space code and highlights the need for comprehensive testing of protocol implementations under stress conditions to prevent similar issues from manifesting in production environments.