CVE-2025-40331 in Linux Kernel信息

摘要 (英语)

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use).

负责

Linux

预定

2025-04-16

披露

2025-12-09

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
334917	Linux Kernel sctp sctp_diag_dump 内存损坏	787	未定义	官方修复	CVE-2025-40331

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

◂ 上一步一览下一步 ▸