Impact
The Linux kernel SCTP implementation contains a flaw where, during rollback from a stale cookie error, a pointer to a freed stream structure is retained, allowing the scheduler’s dequeue paths to dereference freed memory and trigger a kernel crash‑after‑free condition and can bring the affected system down if the vulnerability is exercised.
Affected Systems
The defect exists in all Linux kernel versions that ship the SCTP stack and have not applied the patch contained in the commit set referenced in the CVE. Because the Linux kernel is widely distributed across many Linux distributions, every system running an unpatched kernel with SCTP enabled is potentially affected.
Risk and Exploitability
The CVSS score of 9.8 indicates severe impact, while the EPSS score of <1% indicates a very low probability that the vulnerability will be explored and exploited in the wild. The flaw is not listed as a known exploited vulnerability by CISA. Based on how SCTP operates, it is reasonable to infer that an attacker could trigger the crash by sending malicious SCTP packets over the network, thereby exploiting the stale cookie path; however, the CVE data does not provide a published exploit and the actual exploitation path remains unverified.
OpenCVE Enrichment
Debian DLA