CVE-2025-40331
Published: Dec 9, 2025
Modified: May 11, 2026
PUBLISHED
Description
In the Linux kernel, the following vulnerability has been resolved:

sctp: Prevent TOCTOU out-of-bounds write

For the following path not holding the sock lock,

sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()

make sure not to exceed bounds in case the address list has grown between buffer allocation (time-of-check) and write (time-of-use).

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 8f840e47f190cbe61a96945c13e9551048d42cef - < b106a68df0650b694b254427cd9250c04500edd3; affected 8f840e47f190cbe61a96945c13e9551048d42cef - < 3006959371007fc2eae4a078f823c680fa52de1a; affected 8f840e47f190cbe61a96945c13e9551048d42cef - < 72e3fea68eac8d088e44c3dd954e843478e9240e; affected 8f840e47f190cbe61a96945c13e9551048d42cef - < 584307275b2048991b2e8984962189b6cc0a9b85; affected 8f840e47f190cbe61a96945c13e9551048d42cef - < c9119f243d9c0da3c3b5f577a328de3e7ffd1b42; +3 more versions |
| Linux | Linux | affected 4.7; unaffected 0 - < 4.7; unaffected 5.4.302 - <= 5.4.\*; unaffected 5.10.247 - <= 5.10.\*; unaffected 5.15.197 - <= 5.15.\*; +5 more versions |