CVE-2008-4113

Priority
Description
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an
untrusted length value to limit copying of data from kernel memory, which
allows local users to obtain sensitive information via a crafted
SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
Assigned-to
smb_tp
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 00:47:05 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)