CVE-2006-2274

Publication date 9 May 2006

Last updated 17 July 2025

Ubuntu priority

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux-source-2.6.15	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-29.58
linux-source-2.6.17	7.04 feisty	Not in release
	6.10 edgy	Fixed 2.6.17.1-12.40
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-302-1
Linux kernel vulnerabilities
15 June 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2274