CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS
Percentile: 10.4%

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an
untrusted length value to limit copying of data from kernel memory, which
allows local users to obtain sensitive information via a crafted
SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
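
The bug class described above (a caller-supplied length used as the only bound on a copy out of kernel memory) is shown here beside a hardened form. This is an added userspace model, not the kernel's code or the upstream patch; the struct, the function names and the sample data are all constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kernel memory: an identifier list followed
 * by unrelated data that must never reach the caller. */
struct model_kmem {
    uint16_t num_idents;
    uint16_t idents[2];
    char     adjacent[16];
};
static const struct model_kmem kmem = { 2, { 1, 3 }, "SECRET-KEY-DATA" };
#define IDENT_OFF offsetof(struct model_kmem, idents)

/* Vulnerable pattern: the caller-supplied *len alone bounds the copy. */
static int model_getsockopt_vuln(void *out, size_t *len)
{
    size_t avail = sizeof(kmem) - IDENT_OFF;
    if (*len > avail)   /* model-only clamp so the demo stays defined */
        *len = avail;
    memcpy(out, (const unsigned char *)&kmem + IDENT_OFF, *len);
    return 0;
}

/* Hardened pattern: size comes from the object, short buffers are
 * rejected, and exactly that many bytes are copied. */
static int model_getsockopt_fixed(void *out, size_t *len)
{
    size_t data_len = (size_t)kmem.num_idents * sizeof(kmem.idents[0]);
    if (data_len > sizeof(kmem.idents) || *len < data_len)
        return -EINVAL;
    memcpy(out, kmem.idents, data_len);
    *len = data_len;    /* tell the caller how much was written */
    return 0;
}

int main(void)
{
    unsigned char buf[32] = { 0 };
    size_t n = sizeof(buf);
    model_getsockopt_vuln(buf, &n);
    printf("vulnerable: %zu bytes, tail \"%s\"\n", n, (char *)buf + 4);
    n = sizeof(buf);
    model_getsockopt_fixed(buf, &n);
    printf("hardened:   %zu bytes\n", n);
    return 0;
}
```

The hardened handler also writes the real size back through the length pointer, so the caller learns how many bytes are valid instead of trusting its own request.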