{"id":"CVE-2025-40331","summary":"sctp: Prevent TOCTOU out-of-bounds write","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Prevent TOCTOU out-of-bounds write\n\nFor the following path not holding the sock lock,\n\n  sctp_diag_dump() -\u003e sctp_for_each_endpoint() -\u003e sctp_ep_dump()\n\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).","modified":"2026-03-31T17:29:54.738579Z","published":"2025-12-09T04:09:48.196Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:0263-1","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0350-1","SUSE-SU-2026:0369-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40331.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2fe08fcaacb7eb019fa9c81db39b2214de216677"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3006959371007fc2eae4a078f823c680fa52de1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/584307275b2048991b2e8984962189b6cc0a9b85"},{"type":"WEB","url":"https://git.kernel.org/stable/c/72e3fea68eac8d088e44c3dd954e843478e9240e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89eac1e150dbd42963e13d23828cb8c4e0763196"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95aef86ab231f047bb8085c70666059b58f53c09"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b106a68df0650b694b254427cd9250c04500edd3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c9119f243d9c0da3c3b5f577a328de3e7ffd1b42"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40331.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40331"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8f840e47f190cbe61a96945c13e9551048d42cef"},{"fixed":"b106a68df0650b694b254427cd9250c04500edd3"},{"fixed":"3006959371007fc2eae4a078f823c680fa52de1a"},{"fixed":"72e3fea68eac8d088e44c3dd954e843478e9240e"},{"fixed":"584307275b2048991b2e8984962189b6cc0a9b85"},{"fixed":"c9119f243d9c0da3c3b5f577a328de3e7ffd1b42"},{"fixed":"2fe08fcaacb7eb019fa9c81db39b2214de216677"},{"fixed":"89eac1e150dbd42963e13d23828cb8c4e0763196"},{"fixed":"95aef86ab231f047bb8085c70666059b58f53c09"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40331.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.7.0"},{"fixed":"5.4.302"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.247"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.197"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.58"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40331.json"}}],"schema_version":"1.7.5"}