CVE-2026-15422
Received Received - Intake

Heap Corruption in illumos SCTP INIT ACK Processing

Vulnerability report for CVE-2026-15422, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: 0ca53633-f0b5-4853-ba72-e0a2e62000d0

Description

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification (i.e. before SCTP integrity checks or IPsec policy are applied) a remote, unauthenticated attacker can send a crafted SCTP INIT ACK packet with malformed address parameters to cause an out-of-bounds access and kernel heap corruption, which may lead to remote code execution. The flaw has existed since 2010 (illumos-gate commit a5407c02), and affects any illumos distribution prior to illumos-gate commit 53a3efde.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
illumos illumos to 53a3efde (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the illumos operating system's SCTP implementation. It allows a remote attacker to send a specially crafted packet that bypasses normal checks and corrupts kernel memory. The flaw occurs because the system tries to process address data in a packet before verifying its integrity, leading to potential remote code execution.

Detection Guidance

Detecting this vulnerability requires checking for SCTP-related issues in illumos systems. Monitor kernel logs for SCTP errors or crashes, particularly during network packet processing. Use commands like 'dmesg' or 'svcadm' to inspect system logs for SCTP-related anomalies. Ensure your illumos distribution is updated to the latest commit (53a3efde) to mitigate the flaw.

Impact Analysis

An attacker could exploit this to crash the system or run malicious code with kernel privileges. This could allow them to take full control of the affected machine, steal data, or disrupt services. Systems using illumos prior to the fix are vulnerable.

Compliance Impact

This vulnerability could impact compliance with GDPR and HIPAA by potentially allowing unauthorized remote code execution or data breaches. The flaw enables heap corruption via crafted SCTP packets, which may lead to system compromise. Such breaches could result in unauthorized access to personal or health data, violating GDPR's data protection requirements or HIPAA's security rules for protected health information.

Mitigation Strategies

Apply the official patch from illumos-gate commit 53a3efde to fix the SCTP INIT ACK chunk parameter validation issue. Update all illumos distributions to versions incorporating this fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15422. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart