Fixed
Created: Sep 19, 2025
Updated: Oct 14, 2025
Resolved Date: Oct 13, 2025
Found In Version: 10.21.20.1
Fix Version: 10.21.20.18
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctp_ifwdtsn_skip Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only checks the pos against the end of the chunk. However, the data left for the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference it as struct sctp_ifwdtsn_skip may cause coverflow. This patch fixes it by checking the pos against "the end of the chunk - sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to sctp_fwdtsn_skip.
