CVE-2010-4249

Linux Kernel 2.6.37 - Unix Sockets Local Denial of Service

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

La función wait_for_unix_gc de net/unix/garbage.c en el kernel de Linux en versiones anteriores a la 2.6.37-rc3-next-20101125 no selecciona apropiadamente el momento de recolectar la basura de los sockets en uso; lo que permite, a usuarios locales, provocar una denegación de servicio (cuelgue del sistema) a través del uso modificado de las llamadas al sistema "socketpair" y "sendmsg" de los sockets SOCK_SEQPACKET.

Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-11-16 CVE Reserved
2010-11-27 CVE Published
2010-11-27 First Exploit
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (26)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b	X_refsource_confirm
http://secunia.com/advisories/42354	Third Party Advisory
http://secunia.com/advisories/42745	Third Party Advisory
http://secunia.com/advisories/42890	Third Party Advisory
http://secunia.com/advisories/42963	Third Party Advisory
http://secunia.com/advisories/46397	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2	Broken Link
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/45037	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3321	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0168	Third Party Advisory

URL	Date	SRC
https://packetstorm.news/files/id/96141	2010-11-27
https://www.exploit-db.com/exploits/15622	2010-11-27
http://lkml.org/lkml/2010/11/23/395	2024-08-07
http://lkml.org/lkml/2010/11/25/8	2024-08-07
http://marc.info/?l=linux-netdev&m=129059035929046&w=2	2024-08-07
http://www.exploit-db.com/exploits/15622	2024-08-07
http://www.openwall.com/lists/oss-security/2010/11/24/10	2024-08-07
http://www.openwall.com/lists/oss-security/2010/11/24/2	2024-08-07

URL	Date	SRC
http://lkml.org/lkml/2010/11/23/450	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=656756	2011-03-10

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0007.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0162.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-4249	2011-03-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"		rc2		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				13 Search vendor "Fedoraproject" for product "Fedora" and version "13"		-		Affected