7.5

CVE-2026-53070

sctp: disable BH before calling udp_tunnel_xmit_skb()

In the Linux kernel, the following vulnerability has been resolved:

sctp: disable BH before calling udp_tunnel_xmit_skb()

udp_tunnel_xmit_skb() / udp_tunnel6_xmit_skb() are expected to run with
BH disabled.  After commit 6f1a9140ecda ("add xmit recursion limit to
tunnel xmit functions"), on the path:

  udp(6)_tunnel_xmit_skb() -> ip(6)tunnel_xmit()

dev_xmit_recursion_inc()/dec() must stay balanced on the same CPU.

Without local_bh_disable(), the context may move between CPUs, which can
break the inc/dec pairing. This may lead to incorrect recursion level
detection and cause packets to be dropped in ip(6)_tunnel_xmit() or
__dev_queue_xmit().

Fix it by disabling BH around both IPv4 and IPv6 SCTP UDP xmit paths.

In my testing, after enabling the SCTP over UDP:

  # ip net exec ha sysctl -w net.sctp.udp_port=9899
  # ip net exec ha sysctl -w net.sctp.encap_port=9899
  # ip net exec hb sysctl -w net.sctp.udp_port=9899
  # ip net exec hb sysctl -w net.sctp.encap_port=9899

  # ip net exec ha iperf3 -s

- without this patch:

  # ip net exec hb iperf3 -c 192.168.0.1 --sctp
  [  5]   0.00-10.00  sec  37.2 MBytes  31.2 Mbits/sec  sender
  [  5]   0.00-10.00  sec  37.1 MBytes  31.1 Mbits/sec  receiver

- with this patch:

  # ip net exec hb iperf3 -c 192.168.0.1 --sctp
  [  5]   0.00-10.00  sec  3.14 GBytes  2.69 Gbits/sec  sender
  [  5]   0.00-10.00  sec  3.14 GBytes  2.69 Gbits/sec  receiver
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 046c052b475e7119b6a30e3483e2888fc606a2f8
Version < be3bfcb34bda04f6a350710db471d4133f950f2c
Status affected
Version 046c052b475e7119b6a30e3483e2888fc606a2f8
Version < 0de7db2eb27e82b983157016fa604b1ba664ae5f
Status affected
Version 046c052b475e7119b6a30e3483e2888fc606a2f8
Version < 790093245e35040c2adb15f48970020425aa3f47
Status affected
Version 046c052b475e7119b6a30e3483e2888fc606a2f8
Version < 2cd7e6971fc2787408ceef17906ea152791448cf
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.11
Status affected
Version 0
Version < 5.11
Status unaffected
Version <= 6.12.*
Version 6.12.95
Status unaffected
Version <= 6.18.*
Version 6.18.37
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.271
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/790093245e35040c2adb15f48970020425aa3f47
https://git.kernel.org/stable/c/2cd7e6971fc2787408ceef17906ea152791448cf
https://git.kernel.org/stable/c/0de7db2eb27e82b983157016fa604b1ba664ae5f
https://git.kernel.org/stable/c/be3bfcb34bda04f6a350710db471d4133f950f2c