sctp: properly validate chunk size in sctp_sf_ootb()
A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add
size validation when walking chunks") is also required in sctp_sf_ootb()
to address a crash reported by syzbot:
BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166
sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407
sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243
sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159
ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233
Metrics
Affected Vendors & Products
| Source | ID | Title | 
|---|---|---|
  Debian DLA | 
                DLA-4008-1 | linux-6.1 security update | 
  Debian DLA | 
                DLA-4075-1 | linux security update | 
  Debian DSA | 
                DSA-5818-1 | linux security update | 
  Ubuntu USN | 
                USN-7276-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7277-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7288-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7288-2 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7289-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7289-2 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7289-3 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7289-4 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7291-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7293-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7294-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7294-2 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7294-3 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7294-4 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7295-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7305-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7308-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7310-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7331-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7388-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7389-1 | Linux kernel (NVIDIA Tegra) vulnerabilities | 
  Ubuntu USN | 
                USN-7390-1 | Linux kernel (Xilinx ZynqMP) vulnerabilities | 
  Ubuntu USN | 
                USN-7393-1 | Linux kernel (FIPS) vulnerabilities | 
  Ubuntu USN | 
                USN-7401-1 | Linux kernel (AWS) vulnerabilities | 
  Ubuntu USN | 
                USN-7413-1 | Linux kernel (IoT) vulnerabilities | 
  Ubuntu USN | 
                USN-7449-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7449-2 | Linux kernel (HWE) vulnerabilities | 
  Ubuntu USN | 
                USN-7450-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7451-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7452-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7453-1 | Linux kernel (Real-time) vulnerabilities | 
  Ubuntu USN | 
                USN-7458-1 | Linux kernel (IBM) vulnerabilities | 
  Ubuntu USN | 
                USN-7468-1 | Linux kernel (Azure, N-Series) vulnerabilities | 
  Ubuntu USN | 
                USN-7523-1 | Linux kernel (Raspberry Pi Real-time) vulnerabilities | 
  Ubuntu USN | 
                USN-7524-1 | Linux kernel (Raspberry Pi) vulnerabilities | 
  Ubuntu USN | 
                USN-7539-1 | Linux kernel (Raspberry Pi) vulnerabilities | 
  Ubuntu USN | 
                USN-7540-1 | Linux kernel (Raspberry Pi) vulnerabilities | 
  Ubuntu USN | 
                USN-7853-1 | Linux kernel vulnerabilities | 
  Ubuntu USN | 
                USN-7853-2 | Linux kernel (FIPS) vulnerabilities | 
  Ubuntu USN | 
                USN-7854-1 | Linux kernel (KVM) vulnerabilities | 
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 03 Nov 2025 23:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
         | 
Mon, 03 Nov 2025 21:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
         | 
Wed, 01 Oct 2025 21:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | 
        
        ssvc
         
  | 
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | 
        
        
        epss
         
  | 
    
        
        
        epss
         
  | 
Wed, 14 May 2025 02:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | 
        
        Redhat
         Redhat enterprise Linux  | 
|
| CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9  | 
|
| Vendors & Products | 
        
        Redhat
         Redhat enterprise Linux  | 
Fri, 22 Nov 2024 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
         | |
| Metrics | 
        
        
        threat_severity
         
  | 
    
        
        
        threat_severity
         
  | 
Fri, 22 Nov 2024 12:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | 
        
        Linux
         Linux linux Kernel  | 
|
| Weaknesses | CWE-908 | |
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*  | 
|
| Vendors & Products | 
        
        Linux
         Linux linux Kernel  | 
|
| Metrics | 
        
        cvssV3_1
         
  | 
Tue, 19 Nov 2024 01:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233 | |
| Title | sctp: properly validate chunk size in sctp_sf_ootb() | |
| References | 
         | 
        
  | 
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2025-11-03T22:28:16.706Z
Reserved: 2024-10-21T19:36:19.987Z
Link: CVE-2024-50299
Updated: 2025-11-03T22:28:16.706Z
Status : Modified
Published: 2024-11-19T02:16:32.053
Modified: 2025-11-03T23:17:12.457
Link: CVE-2024-50299
                        OpenCVE Enrichment
                    No data.
 Debian DLA
 Debian DSA
 Ubuntu USN