CVE-2011-1093

CWE-476 — NULL Pointer Dereference CWE-67214 documents6 sources

Severity

7.8HIGH

EPSS

1.2%

top 20.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux AUS Redhat Enterprise Linux Desktop +3 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.38

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

Also affects: Enterprise Linux 5.6

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rf9x-2w4m-rh77: The dccp_rcv_state_process function in net/dccp/input↗2022-05-13

▶

CVEList

CVE-2011-1093: The dccp_rcv_state_process function in net/dccp/input↗2011-07-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Natty backport) vulnerabilities↗2011-11-09

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel (i.MX51) vulnerabilities↗2011-09-13

▶

Ubuntu

Linux kernel vulnerabilities↗2011-08-19

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

💬Community

Bugzilla

CVE-2011-1093 kernel: dccp: fix oops on Reset after close↗2011-03-08

▶