{"id":"CVE-2023-2177","details":"A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.","modified":"2026-03-13T07:20:32.946787Z","published":"2023-04-20T21:15:08.997Z","related":["SUSE-SU-2023:3988-1","SUSE-SU-2023:4030-1","SUSE-SU-2023:4057-1","SUSE-SU-2023:4058-1","SUSE-SU-2023:4071-1","SUSE-SU-2023:4072-1","SUSE-SU-2023:4072-2","SUSE-SU-2023:4093-1","SUSE-SU-2023:4095-1","SUSE-SU-2023:4142-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.19"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc6"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc7"}]},{"events":[{"introduced":"0"},{"last_affected":"5.19-rc8"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-2177.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}