CVE-2010-4805Uncontrolled Resource Consumption in Kernel

CWE-400Uncontrolled Resource Consumption10 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 25.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedMay 26
Latest updateMay 13

Description

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlinux/linux_kernel< 2.6.35

Also affects: Enterprise Linux 4.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

1
GHSA
GHSA-22vq-wcg7-jq7r: The socket implementation in net/core/sock2022-05-13

📋Vendor Advisories

6
Ubuntu
Linux kernel vulnerabilities2011-09-29
Ubuntu
Linux kernel (EC2) vulnerabilities2011-09-26
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities2011-09-14
Ubuntu
Linux kernel (i.MX51) vulnerabilities2011-09-13
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities2011-09-13

💬Community

1
Bugzilla
CVE-2010-4251 CVE-2010-4805 kernel: unlimited socket backlog DoS2010-11-25