Linux · Linux Kernel · CVE-2024-57938
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
The issue is an integer overflow in the `sctp_association_init()` function. By default, `max_autoclose` equals `INT_MAX / HZ`, but it can be raised to `UINT_MAX` via the `net.sctp.max_autoclose` sysctl. With that setting, an autoclose value large enough to overflow the arithmetic in `sctp_association_init()` becomes reachable.
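The arithmetic behind the overflow, as an added example that is not taken from this page or from the kernel source: it models the autoclose timeout as a 32-bit `autoclose` value multiplied by `HZ` (inferred from the `INT_MAX / HZ` default quoted above; `HZ = 1000` is a constructed choice, and the exact kernel expression is not quoted on this page). It shows why the default cap can never wrap, how a value permitted once `max_autoclose` is `UINT_MAX` does wrap in a 32-bit product, and the widened 64-bit form that does not. The function names `autoclose_jiffies_wrapping`, `autoclose_jiffies_widened`, `overflows_timeout` and `max_autoclose_is_safe` are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed value: CONFIG_HZ=1000 is a common build setting. */
#ifndef HZ
#define HZ 1000
#endif

/* Default upper bound for autoclose, as described on the page. */
#define DEFAULT_MAX_AUTOCLOSE ((uint32_t)(INT_MAX / HZ))

/*
 * Models the pre-fix pattern: a 32-bit autoclose multiplied by an int HZ.
 * uint32_t * int is evaluated as unsigned 32-bit arithmetic, so the
 * product silently wraps modulo 2^32 before it is stored anywhere wider.
 */
uint64_t autoclose_jiffies_wrapping(uint32_t autoclose)
{
    return autoclose * HZ;
}

/*
 * Models the hardened pattern: widen the operand first so the product is
 * computed in 64 bits (the kernel's unsigned long is 64-bit on 64-bit
 * builds; uint64_t is used here so the result is the same on any host).
 */
uint64_t autoclose_jiffies_widened(uint32_t autoclose)
{
    return (uint64_t)autoclose * HZ;
}

/* Returns 1 if the 32-bit product would exceed UINT32_MAX and wrap. */
int overflows_timeout(uint32_t autoclose)
{
    return ((uint64_t)autoclose * HZ) > UINT32_MAX;
}

/*
 * Sysctl check: a max_autoclose at or below the default INT_MAX / HZ keeps
 * every permitted autoclose value inside the non-wrapping range.
 */
int max_autoclose_is_safe(uint32_t max_autoclose)
{
    return max_autoclose <= DEFAULT_MAX_AUTOCLOSE;
}

int main(void)
{
    /* Constructed sample values: the default cap, the page's UINT_MAX case,
     * and a value just past 2^32 / HZ that wraps to well under one second. */
    const uint32_t samples[] = { DEFAULT_MAX_AUTOCLOSE, UINT32_MAX, 4294968U };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t a = samples[i];
        printf("autoclose=%u  32-bit product=%llu  64-bit product=%llu  wraps=%d\n",
               a,
               (unsigned long long)autoclose_jiffies_wrapping(a),
               (unsigned long long)autoclose_jiffies_widened(a),
               overflows_timeout(a));
    }

    printf("max_autoclose=%u safe=%d\n", DEFAULT_MAX_AUTOCLOSE,
           max_autoclose_is_safe(DEFAULT_MAX_AUTOCLOSE));
    printf("max_autoclose=%u safe=%d\n", UINT32_MAX,
           max_autoclose_is_safe(UINT32_MAX));
    return 0;
}
```

The third sample is the instructive one for detection and risk assessment: an autoclose of 4294968 seconds (about 49.7 days) becomes 704 jiffies in the wrapped product, so the association is torn down almost immediately instead of after the configured interval. Any `net.sctp.max_autoclose` above `INT_MAX / HZ` makes such values reachable, which is what the sysctl check flags.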
**Recommendations**
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue.
As a temporary workaround, avoid setting `net.sctp.max_autoclose` to `UINT_MAX` (leave it at its default of `INT_MAX / HZ`) until the updated kernel can be deployed.