CVE-2010-4526

kernel: sctp: a race between ICMP protocol unreachable and connect()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Condición de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegación de servicio (kernel panic) a través de un mensaje no enrutable ICMP a un socket que ya se encuentra bloqueado por un usuario, lo que provoca que el socket sea liberado y una corrupción de lista. Relacionado con la función sctp_wait_for_connect.

USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for use with EC2. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-09 CVE Reserved
2011-01-11 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (14)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819	X_refsource_confirm
http://secunia.com/advisories/42964	Broken Link
http://secunia.com/advisories/46397	Broken Link
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/45661	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0169	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/64616	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2011/01/04/13	2023-02-13
http://www.openwall.com/lists/oss-security/2011/01/04/3	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526	2023-02-13

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2011-0163.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-4526	2011-09-12
https://bugzilla.redhat.com/show_bug.cgi?id=664914	2011-09-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.11.1 <= 2.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.11.1 <= 2.6.33"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.11 Search vendor "Linux" for product "Linux Kernel" and version "2.6.11"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.11 Search vendor "Linux" for product "Linux Kernel" and version "2.6.11"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.11 Search vendor "Linux" for product "Linux Kernel" and version "2.6.11"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.11 Search vendor "Linux" for product "Linux Kernel" and version "2.6.11"		rc5		Affected
Redhat Search vendor "Redhat"		Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"				1.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				4.0 Search vendor "Vmware" for product "Esx" and version "4.0"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				4.1 Search vendor "Vmware" for product "Esx" and version "4.1"		-		Affected