[CVE-2010-4526] sctp: Fix a race between ICMP protocol unreachable and connect()
Stefan Bader
stefan.bader at canonical.com
Wed Jun 22 13:03:15 UTC 2011
On 20.06.2011 20:19, Andy Whitcroft wrote:
> CVE-2010-4526
> Race condition in the sctp_icmp_proto_unreachable function in
> net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows
> remote attackers to cause a denial of service (panic) via an ICMP
> unreachable message to a socket that is already locked by a user,
> which causes the socket to be freed and triggers list corruption,
> related to the sctp_wait_for_connect function.
>
> This is already fixed in everything based on v2.6.34 and above, arriving
> via mainline. Following this email are patches for Hardy, and
> Lucid/ti-omap4.
>
> Note I have no clue how to confirm the backport for Hardy is good as
> the bug seems to be hard to trigger and in a protocol I have no idea how
> to test. Any suggestions welcome.
>
> Proposing for Lucid/ti-omap4, and requesting testing help for Hardy.
>
> -apw
>
Not sure how lucky you were with the testing. The Lucid version looks like a
clean pick. The Hardy one more or less following as far as I was able to see.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
More information about the kernel-team
mailing list