CVE-2022-0322: 
Linux Kernel vulnerability analysis and mitigation

A flaw was discovered in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with local user privilege access. The vulnerability (CVE-2022-0322) was disclosed on March 25, 2022, affecting Linux kernel versions prior to 5.15-rc6. In this vulnerability, an attempt to use more buffer than is allocated triggers a BUG_ON issue (NVD, Debian).

The vulnerability occurs in the SCTP network protocol's stream reset functionality. The sctp_make_strreset_req() function makes repeated calls to sctp_addto_chunk() which automatically accounts for padding on each call. While inreq and outreq are 4-byte aligned, the payload is not, and doing SCTP_PAD4(a + b) is different from SCTP_PAD4(a) + SCTP_PAD4(b), leading to insufficient buffer allocation. The vulnerability has a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD, Kernel Commit).

When successfully exploited, this vulnerability leads to a denial of service (DOS) condition through a kernel panic triggered by the BUG_ON assertion. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability was fixed in Linux kernel version 5.15-rc6 through commit a2d859e3fc97e79d907761550dbc03ff1b36479c. The fix properly accounts for stream padding length in the reconf chunk by modifying the buffer allocation calculation in sctp_make_strreset_req(). Various Linux distributions have backported the fix to their supported kernel versions (Kernel Commit, Red Hat).