CVE-2022-49838

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A crash was reported due to list del corruption in the Linux kernel's sctp module. The issue occurs when the last fragment of a message is dequeued from the out curr stream in sctp prsctp prune unsent(), but out curr is not set to NULL. Normally, stream->out curr should be set to NULL once all fragments of the current message are dequeued, as seen in sctp sched dequeue done(). However, in sctp prsctp prune unsent(), this is not done because it is not a proper dequeue. The problem is solved by setting out curr to NULL when the last fragment of the current message is dequeued from the out curr stream in sctp prsctp prune unsent().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.