CVE-2023-53590

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue within the SCTP (Stream Control Transmission Protocol) implementation. A missing reference counter in sctp stream priorities could lead to a nested loop during stream priority freeing, potentially causing a system hang or soft lockup, as reported by a user. The fix introduces a reference counter to avoid traversing all streams when freeing a stream's priority, preventing the nested loop. The issue occurs in the sctp sched prio free sid() function, which is called from sctp stream free ext(), sctp stream free(), and sctp association free(). The fix also includes a check in sctp sched prio set to prevent potential priority head reference count overflow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.