Unpatched Linux kernel versions with nf_conntrack_sip enabled
Summary
This vulnerability occurs in the Linux kernel's netfilter nf_conntrack_sip SIP connection tracking module. When processing SDP bodies with no valid media entries, the function uses an uninitialized stack variable for the RTP address. On distributions without automatic stack initialization, this can lead to sensitive memory leaks or unexpected network behavior.
Remediation
Apply the latest official Linux kernel security update that fixes this vulnerability. Test the patch on non-production systems before rolling out to production. Disable the nf_conntrack_sip module if it is not in use as a temporary workaround.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.