CVE-2010-4161 — Kernel vulnerability

6 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 69.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Linux Kernel Redhat Enterprise Linux Vmware Esxi +2 more

Timeline

PublishedDec 30

Latest updateMay 14

Description

The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.18

▶vmwarevmware/vsphere

▶vmwarevmware/vmware_esxi

▶vmwarevmware/vmware_workstation

Also affects: Enterprise Linux 5

Patches

Patch: www.spinics.net ↗Patch: bugzilla.redhat.com ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

1

GHSA

GHSA-jch4-5383-w2vq: The udp_queue_rcv_skb function in net/ipv4/udp↗2022-05-14

▶

📋Vendor Advisories

2

VMware

VMware ESX third party updates for Service Console packages glibc and dhcp↗2011-10-12

▶

Red Hat

kernel: rhel5 commit 6865201191 caused deadlock↗2010-11-10

▶

💬Community

2

Bugzilla

CVE-2010-4161 kernel: rhel5 commit 6865201191 caused deadlock↗2010-11-12

▶

Bugzilla

CVE-2010-4158 kernel: socket filters infoleak↗2010-11-10

▶