[CVE-2010-4526] sctp: Fix a race between ICMP protocol unreachable and connect()
Andy Whitcroft
apw at canonical.com
Mon Jun 20 18:19:27 UTC 2011
CVE-2010-4526
Race condition in the sctp_icmp_proto_unreachable function in
net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows
remote attackers to cause a denial of service (panic) via an ICMP
unreachable message to a socket that is already locked by a user,
which causes the socket to be freed and triggers list corruption,
related to the sctp_wait_for_connect function.
This is already fixed in everything based on v2.6.34 and above, arriving
via mainline. Following this email are patches for Hardy, and
Lucid/ti-omap4.
Note I have no clue how to confirm the backport for Hardy is good as
the bug seems to be hard to trigger and in a protocol I have no idea how
to test. Any suggestions welcome.
Proposing for Lucid/ti-omap4, and requesting testing help for Hardy.
-apw
More information about the kernel-team
mailing list