7.1

CVE-2010-4526

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.11.1 <= 2.6.33
LinuxLinux Kernel Version2.6.11 Updaterc2
LinuxLinux Kernel Version2.6.11 Updaterc3
LinuxLinux Kernel Version2.6.11 Updaterc4
LinuxLinux Kernel Version2.6.11 Updaterc5
RedhatEnterprise Mrg Version1.0
VMwareEsx Version4.0
VMwareEsx Version4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.06% 0.822
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.openwall.com/lists/oss-security/2011/01/04/13
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2011/01/04/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/45661
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526
Patch
Third Party Advisory
Issue Tracking