On Wed, Oct 20, 2021 at 07:42:40AM -0400, Xin Long wrote: > This patchset is to address CVE-2021-3772: > > A flaw was found in the Linux SCTP stack. A blind attacker may be able to > kill an existing SCTP association through invalid chunks if the attacker > knows the IP-addresses and port numbers being used and the attacker can > send packets with spoofed IP addresses. > > This is caused by the missing VTAG verification for the received chunks > and the incorrect vtag for the ABORT used to reply to these invalid > chunks. > > This patchset is to go over all processing functions for the received > chunks and do: > ... > > This patch series has been tested with SCTP TAHI testing to make sure no > regression caused on protocol conformance. Nice! Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
