APPLIED: [CVE-2010-4526] sctp: Fix a race between ICMP protocol unreachable and connect()
Tim Gardner
tim.gardner at canonical.com
Wed Jun 22 14:04:42 UTC 2011
On 06/20/2011 12:19 PM, Andy Whitcroft wrote:
> CVE-2010-4526
> Race condition in the sctp_icmp_proto_unreachable function in
> net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows
> remote attackers to cause a denial of service (panic) via an ICMP
> unreachable message to a socket that is already locked by a user,
> which causes the socket to be freed and triggers list corruption,
> related to the sctp_wait_for_connect function.
>
> This is already fixed in everything based on v2.6.34 and above, arriving
> via mainline. Following this email are patches for Hardy, and
> Lucid/ti-omap4.
>
> Note I have no clue how to confirm the backport for Hardy is good as
> the bug seems to be hard to trigger and in a protocol I have no idea how
> to test. Any suggestions welcome.
>
> Proposing for Lucid/ti-omap4, and requesting testing help for Hardy.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list