CVE-2026-15422
illumos · illumos-gate
A heap-based buffer overflow in the illumos SCTP inbound path allows an unauthenticated attacker to trigger remote code execution via a crafted INIT ACK packet.
Executive summary
A critical remote code execution vulnerability in the illumos SCTP stack allows unauthenticated attackers to corrupt kernel memory and gain system control.
Vulnerability
This is a heap-based buffer overflow (CWE-122, CWE-787) occurring during SCTP packet classification, which allows an unauthenticated attacker to send malformed INIT ACK chunks and corrupt the kernel heap.
Business impact
This vulnerability allows for remote code execution at the kernel level, effectively granting an attacker complete control over the affected system. The impact is severe, as it bypasses standard integrity checks and can be exploited before IPsec policies are applied, potentially leading to total system compromise and data theft. The CVSS score of 9.1 highlights the critical risk to infrastructure stability.
Remediation
Immediate Action: Update the illumos distribution to a version that incorporates the fix for issue 18117.
Proactive Monitoring: Monitor system logs for kernel panics, SCTP-related errors, or unusual kernel heap activity that may indicate an exploitation attempt.
Compensating Controls: Utilize host-based firewalls to restrict SCTP traffic to known, trusted sources and, where possible, disable the SCTP protocol if it is not required for system functionality.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
This is a critical vulnerability that requires urgent attention across all illumos-based environments. Because the flaw exists within the kernel network stack, it is highly sensitive to exploitation. Administrators should verify their current distribution version against the vendor-provided patch lists and apply updates immediately.