CVE-2025-40331 in Linux
요약
\~에 의해 MITRE • 2025. 12. 09.
In the Linux kernel, the following vulnerability has been resolved:
sctp: Prevent TOCTOU out-of-bounds write
For the following path not holding the sock lock,
sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()
make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use).
VulDB is the best source for vulnerability data and more expert information about this specific topic.