Linux Kernel Vulnerability in SCTP Stream Number Handling
CVE-2023-53296

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 September 2025

What is CVE-2023-53296?

A vulnerability in the Linux kernel related to Stream Control Transmission Protocol (SCTP) can lead to unexpected behavior in message sending. When a client is connected with a specific out stream count, a condition can arise where messages are sent on a non-existent stream after a thread wakes from waiting for a send buffer. This issue occurs due to a race condition in which the out stream count may decrease while another thread attempts to send messages, potentially causing a crash. The patch added to address this issue involves checking the send stream number to ensure stability and prevent null pointer dereferencing.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 < 9346a1a21142357972a6f466ba6275ddc54b04ac

Linux 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 < 0443fff49d6352160c200064156c25898bd9f58c

Linux 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51

References

https://git.kernel.org/stable/c/9346a1a21142357972a6f466b...
https://git.kernel.org/stable/c/0443fff49d6352160c2000641...
https://git.kernel.org/stable/c/b4b6dfad41aaae9e36e44327b...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.