CVE-2009-4272Improper Locking in Kernel

CWE-667Improper LockingCWE-662Improper SynchronizationCWE-362Race ConditionCWE-672Operation on a Resource after Expiration or ReleaseCWE-476NULL Pointer DereferenceCWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.8%
top 17.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelRedhat Enterprise Linux DesktopRedhat Enterprise Linux EUS+3 more
Timeline
PublishedJan 27
Latest updateMay 2

Description

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel2.6.18

Also affects: Enterprise Linux 5.4

🔴Vulnerability Details

2
GHSA
GHSA-w5pr-8rvr-3pcp: A certain Red Hat patch for net/ipv4/route2022-05-02
CVEList
CVE-2009-4272: A certain Red Hat patch for net/ipv4/route2010-01-27

📋Vendor Advisories

1
Red Hat
kernel: emergency route cache flushing leads to node deadlock2010-01-19

💬Community

1
Bugzilla
CVE-2009-4272 kernel: emergency route cache flushing leads to node deadlock2009-12-08
CVE-2009-4272 — Improper Locking in Linux Kernel | cvebase