Advertisement
Security

Critical Heap Corruption Flaw Discovered in illumos SCTP Stack

A critical vulnerability in the illumos SCTP inbound path allows unauthenticated remote attackers to trigger kernel heap corruption and potential code execution.

··1 hour ago·1 min read
brown padlock on black computer keyboard
Photo by FlyD on Unsplash
Advertisement

A critical security vulnerability, tracked as CVE-2026-15422, has been identified in the illumos SCTP inbound path. The issue stems from inadequate validation of address parameters during association lookup for INIT ACK chunks. Because this process occurs during packet classification, it bypasses standard SCTP integrity checks and IPsec policies.

An unauthenticated remote attacker can exploit this flaw by sending a crafted SCTP INIT ACK packet containing malformed address parameters. This action triggers an out-of-bounds access, resulting in kernel heap corruption that may lead to remote code execution. The vulnerability has been present in the codebase since 2010.

This flaw affects all illumos distributions released prior to the application of the fix in illumos-gate commit 53a3efde. Administrators are strongly advised to update their systems to a version that includes the necessary security patch to mitigate the risk of exploitation.

#vulnerability#illumos#sctp#cve-2026-15422#kernel

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement