CVE-2026-23125

Source
https://cve.org/CVERecord?id=CVE-2026-23125
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23125.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23125
Downstream
Published
2026-02-14T15:09:54.756Z
Modified
2026-03-20T12:47:24.635092Z
Summary
sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT

A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails:

==================================================================
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2
RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline]
RIP: 0010:sctp_packet_append_chunk+0xb36/0x1260 net/sctp/output.c:401
Call Trace:
  sctp_packet_transmit_chunk+0x31/0x250 net/sctp/output.c:189
  sctp_outq_flush_data+0xa29/0x26d0 net/sctp/outqueue.c:1111
  sctp_outq_flush+0xc80/0x1240 net/sctp/outqueue.c:1217
  sctp_cmd_interpreter.isra.0+0x19a5/0x62c0 net/sctp/sm_sideeffect.c:1787
  sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
  sctp_do_sm+0x1a3/0x670 net/sctp/sm_sideeffect.c:1169
  sctp_assoc_bh_rcv+0x33e/0x640 net/sctp/associola.c:1052
  sctp_inq_push+0x1dd/0x280 net/sctp/inqueue.c:88
  sctp_rcv+0x11ae/0x3100 net/sctp/input.c:243
  sctp6_rcv+0x3d/0x60 net/sctp/ipv6.c:1127

The issue is triggered when sctp_auth_asoc_init_active_key() fails in sctp_sf_do_5_1C_ack() while processing an INIT_ACK. In this case, the command sequence is currently:

  • SCTP_CMD_PEER_INIT
  • SCTP_CMD_TIMER_STOP (T1_INIT)
  • SCTP_CMD_TIMER_START (T1_COOKIE)
  • SCTP_CMD_NEW_STATE (COOKIE_ECHOED)
  • SCTP_CMD_ASSOC_SHKEY
  • SCTP_CMD_GEN_COOKIE_ECHO

If SCTP_CMD_ASSOC_SHKEY fails, asoc->shkey remains NULL, while asoc->peer.auth_capable and asoc->peer.peer_chunks have already been set by SCTP_CMD_PEER_INIT. This allows a DATA chunk with auth = 1 and shkey = NULL to be queued by sctp_datamsg_from_user().

Since command interpretation stops on failure, no COOKIE_ECHO should have been sent via SCTP_CMD_GEN_COOKIE_ECHO. However, the T1_COOKIE timer has already been started, and it may enqueue a COOKIE_ECHO into the outqueue later. As a result, the DATA chunk can be transmitted together with the COOKIE_ECHO in sctp_outq_flush_data(), leading to the observed issue.

Similar to the other places where it calls sctp_auth_asoc_init_active_key() right after sctp_process_init(), this patch moves the SCTP_CMD_ASSOC_SHKEY immediately after SCTP_CMD_PEER_INIT, before stopping T1_INIT and starting T1_COOKIE. This ensures that if shared key generation fails, authenticated DATA cannot be sent. It also allows the T1_INIT timer to retransmit INIT, giving the client another chance to process INIT_ACK and retry key setup.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23125.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5
Fixed
5a309bedf02ee08b0653215f06c94d61ec7a214a
Fixed
784428ab1889eb185a1459e9d6bc52df33d572ef
Fixed
e94294798548e8cfbd80869e1d2f97efce92582c
Fixed
e7e81abbcc5620c9532080538f9709a6ea382855
Fixed
bf2b543b3cc4ebb4ab5bca4f8dfa5612035d45b8
Fixed
0c4adb1f391a7b92a0405e9d7c05624c0d9f8a65
Fixed
a80c9d945aef55b23b54838334345f20251dad83

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23125.json"