PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5986 Linux CVE debrief

CVE-2017-5986 affects the Linux kernel SCTP socket code and can let a local user trigger a denial of service through an assertion failure and kernel panic. The issue was published by CVE on 2017-02-18, and NVD later marked the record modified on 2026-05-13. NVD lists affected Linux kernel versions through 4.9.11 and references the upstream fix, release notes, and downstream vendor advisories.

Vendor
Linux
Product
CVE-2017-5986
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-18
Original CVE updated
2026-05-13
Advisory published
2017-02-18
Advisory updated
2026-05-13

Who should care

Linux system administrators, distribution maintainers, embedded device vendors, and operators running kernels with SCTP enabled—especially where local users, multi-user workloads, or multithreaded applications are present.

Technical summary

According to the CVE description, the flaw is a race condition in sctp_wait_for_sndbuf in net/sctp/socket.c. In a specific buffer-full state, a multithreaded application that peels off an association can race the kernel into an assertion failure and panic. NVD classifies the impact as availability-only, with local attack conditions and user interaction, and lists the weakness categories CWE-362 and CWE-617.

Defensive priority

Medium to high for exposed or shared systems that use SCTP, because the impact is a kernel panic/denial of service even though the attack is local and requires user interaction. Priority is highest where untrusted local users or container/workload boundaries reduce trust in local code execution.

Recommended defensive actions

  • Update Linux kernel packages to a version that includes the upstream fix; NVD lists the vulnerable range as ending before 4.9.11.
  • Apply the vendor backport or distro advisory that matches your kernel stream if you cannot move to 4.9.11 directly.
  • Review downstream security notices referenced by the CVE, including Debian and Red Hat advisories, for package-specific remediation guidance.
  • If SCTP is not needed in your environment, validate whether it can be disabled or minimized in accordance with your platform policy.
  • Verify that patched kernels are deployed across all fleet variants, including virtualized, container host, and embedded images.

Evidence notes

The supplied corpus shows the CVE description, NVD vulnerability metadata, and multiple references to the upstream patch, the Linux 4.9.11 changelog, and vendor advisories. NVD’s CPE criteria mark Linux kernel versions through 4.9.11 as vulnerable. The record also lists CVSS v3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and weaknesses CWE-362 and CWE-617. No KEV entry was provided in the source corpus.

Official resources

Published by CVE on 2017-02-18T21:59:00.130Z. The supplied source item and NVD metadata were last modified on 2026-05-13T00:24:29.033Z. Timing should be interpreted from those CVE/NVD dates, not from generation or review time.