CVE-2010-4526 — Race Condition in Kernel

CWE-362 — Race Condition CWE-662 — Improper Synchronization CWE-672 — Operation on a Resource after Expiration or Release CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

7.1HIGHNVD

EPSS

1.5%

top 18.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise MRG Vmware ESX

Timeline

PublishedJan 11

Latest updateMay 13

Description

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.11.1 — 2.6.33+1

▶NVDvmware/esx4.0, 4.1+1

▶NVDredhat/enterprise_mrg1.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrp2-pm5c-pxrh: Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input↗2022-05-13

▶

CVEList

CVE-2010-4526: Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input↗2011-01-11

▶

📋Vendor Advisories

Ubuntu

Linux kernel (i.MX51) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel vulnerabilities↗2011-07-15

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-02

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-01

▶

💬Community

Bugzilla

CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()↗2010-12-22

▶