CVE-2010-4526

CVSS v2.0 7.1 (High)
EPSS 6.24 % (94th)
Affected Products 3
Advisories 9

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Weaknesses: CWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2011-01-11 03:00:04 (13 years ago)
Updated Date: 2023-02-13 04:28:57 (19 months ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Linux Kernel, from version 2.6.11.1 up to and including 2.6.33 | cpe:2.3:o:linux:linux_kernel | >= 2.6.11.1 | <= 2.6.33 |
| Linux Kernel 2.6.11 rc2 | cpe:2.3:o:linux:linux_kernel:2.6.11:rc2 | | |
| Linux Kernel 2.6.11 rc3 | cpe:2.3:o:linux:linux_kernel:2.6.11:rc3 | | |
| Linux Kernel 2.6.11 rc4 | cpe:2.3:o:linux:linux_kernel:2.6.11:rc4 | | |
| Linux Kernel 2.6.11 rc5 | cpe:2.3:o:linux:linux_kernel:2.6.11:rc5 | | |

Configuration #2

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Red Hat Enterprise MRG 1.0 | cpe:2.3:o:redhat:enterprise_mrg:1.0 | | |

Configuration #3

| Product | CPE23 | From | Up To |
|---|---|---|---|
| VMware ESX 4.0 | cpe:2.3:o:vmware:esx:4.0 | | |
| VMware ESX 4.1 | cpe:2.3:o:vmware:esx:4.1 | | |