CVE-2009-4272
kernel: emergency route cache flushing leads to node deadlock
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table and trigger a routing "emergency" in which the hash chain is too long. NOTE: this vulnerability is related to another one in the kernel routing cache, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-10 CVE Reserved
- 2010-01-27 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
- CWE-667: Improper Locking
CAPEC
References (13)
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=545411 | 2024-08-07 | |
https://rhn.redhat.com/errata/RHSA-2010-0046.html | 2024-02-15 | |
https://rhn.redhat.com/errata/RHSA-2010-0095.html | 2024-02-15 | |
https://access.redhat.com/security/cve/CVE-2009-4272 | 2010-02-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Linux | Linux Kernel | 2.6.18 | - | Affected | in | Redhat | Enterprise Linux | 5.0 | - | Safe |
Redhat | Virtualization | 5.0 | - | Affected | | | | | | |
Redhat | Enterprise Linux Desktop | 5.0 | - | Affected | | | | | | |
Redhat | Enterprise Linux Eus | 5.4 | - | Affected | | | | | | |
Redhat | Enterprise Linux Server | 5.0 | - | Affected | | | | | | |
Redhat | Enterprise Linux Workstation | 5.0 | - | Affected | | | | | | |