The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after-free situation, for example by specific sequences of updating shared keys and closing the SCTP association.
