Linux · Linux Kernel · CVE-2021-3655
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to v5.14-rc1
**Description**
The issue stems from insufficient input validation when handling SCTP packets, which may allow a remote attacker to gain unauthorized access to protected information. This could lead to remote information disclosure to an on-path attacker, with no additional execution privileges needed. The vulnerability is due to a missing bounds check in functions such as `sctp_v6_to_sk_daddr` and `sctp_v4_from_addr_param`, potentially causing an out-of-bounds read. User interaction is not required for exploitation.
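To illustrate the class of defect described above, here is an added example (not the kernel's code, and not a reproduction of `sctp_v4_from_addr_param`) of parsing an SCTP address parameter with the length checks that prevent an out-of-bounds read. The parameter layout (16-bit type, 16-bit length including the header; type 5 is an 8-byte IPv4 parameter, type 6 a 20-byte IPv6 parameter) follows RFC 4960; the buffer contents are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 4960 address parameter types and their fixed total lengths. */
#define SCTP_PARAM_IPV4 5   /* 4-byte address, total length 8  */
#define SCTP_PARAM_IPV6 6   /* 16-byte address, total length 20 */

struct addr_result {
    int family;          /* 4 or 6; 0 when the parameter was rejected */
    uint8_t addr[16];    /* address bytes, zero-padded for IPv4 */
};

/* Read a big-endian 16-bit field from the wire. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Parse one address parameter from buf_len bytes received from the network.
 * Returns 1 on success, 0 when the parameter is rejected. Every read past the
 * header is guarded by the checks on the attacker-controlled length field:
 * without them a short buffer with a large claimed length would be read
 * beyond its end, which is the out-of-bounds read pattern of CVE-2021-3655.
 */
static int parse_addr_param(const uint8_t *buf, size_t buf_len, struct addr_result *out)
{
    memset(out, 0, sizeof(*out));
    if (buf_len < 4)                 /* not even a full parameter header */
        return 0;
    uint16_t type = be16(buf);
    uint16_t len  = be16(buf + 2);
    if (len < 4 || len > buf_len)    /* claimed length must fit the data we hold */
        return 0;
    switch (type) {
    case SCTP_PARAM_IPV4:
        if (len != 8) return 0;      /* length must match the address size exactly */
        memcpy(out->addr, buf + 4, 4);
        out->family = 4;
        return 1;
    case SCTP_PARAM_IPV6:
        if (len != 20) return 0;
        memcpy(out->addr, buf + 4, 16);
        out->family = 6;
        return 1;
    default:
        return 0;                    /* unknown parameter type: reject */
    }
}
```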
**Recommendations**
For Linux kernel versions prior to v5.14-rc1, update to version v5.14-rc1 or later to resolve the issue.
As a temporary workaround, consider restricting which sources can deliver SCTP traffic to the affected system, to minimize the risk of exploitation.