It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. This issue may then lead to a segmentation fault resulting in denial of service.
It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. This issue may then lead to a segmentation fault resulting in denial of service.
https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90 http://seclists.org/oss-sec/2017/q1/432