CVE-2010-4251
First published: Thu Nov 25 2010(Updated: )
<a href="http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread">http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread</a> "The root cause for this problem is, when the receiver is doing __release_sock() (i.e. after userspace recv, kernel udp_recvmsg->skb_free_datagram_locked->release_sock), it moves skbs from backlog to sk_receive_queue with the softirq enabled. In the above case, multiple busy senders will almost make it an endless loop. The skbs in the backlog end up eat all the system memory. The issue is not only for UDP. Any protocols using socket backlog is potentially affected. The patch adds limit for socket backlog so that the backlog size cannot be expanded endlessly." Upstream commits: <a href="http://git.kernel.org/linus/2499849ee8f513e795b9f2c19a42d6356e4943a4">http://git.kernel.org/linus/2499849ee8f513e795b9f2c19a42d6356e4943a4</a> <a href="http://git.kernel.org/linus/53eecb1be5ae499d399d2923933937a9ea1a284f">http://git.kernel.org/linus/53eecb1be5ae499d399d2923933937a9ea1a284f</a> <a href="http://git.kernel.org/linus/50b1a782f845140f4138f14a1ce8a4a6dd0cc82f">http://git.kernel.org/linus/50b1a782f845140f4138f14a1ce8a4a6dd0cc82f</a> <a href="http://git.kernel.org/linus/79545b681961d7001c1f4c3eb9ffb87bed4485db">http://git.kernel.org/linus/79545b681961d7001c1f4c3eb9ffb87bed4485db</a> <a href="http://git.kernel.org/linus/55349790d7cbf0d381873a7ece1dcafcffd4aaa9">http://git.kernel.org/linus/55349790d7cbf0d381873a7ece1dcafcffd4aaa9</a> <a href="http://git.kernel.org/linus/6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9">http://git.kernel.org/linus/6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9</a> <a href="http://git.kernel.org/linus/8eae939f1400326b06d0c9afe53d2a484a326871">http://git.kernel.org/linus/8eae939f1400326b06d0c9afe53d2a484a326871</a> <a href="http://git.kernel.org/linus/a3a858ff18a72a8d388e31ab0d98f7e944841a62">http://git.kernel.org/linus/a3a858ff18a72a8d388e31ab0d98f7e944841a62</a> <a href="http://git.kernel.org/linus/c377411f2494a931ff7facdbb3a6839b1266bcf6">http://git.kernel.org/linus/c377411f2494a931ff7facdbb3a6839b1266bcf6</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <2.6.34 | |
| VMware ESX | =4.1 | |
| VMware ESX | =4.0 | |
| Redhat Enterprise Linux | =4.0 | |
| debian/linux-2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=657303
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
- http://www.securityfocus.com/bid/46637
- http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread
- http://secunia.com/advisories/46397
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871
- https://launchpad.net/bugs/cve/CVE-2010-4251
- http://git.kernel.org/linus/2499849ee8f513e795b9f2c19a42d6356e4943a4
- http://git.kernel.org/linus/53eecb1be5ae499d399d2923933937a9ea1a284f
- http://git.kernel.org/linus/50b1a782f845140f4138f14a1ce8a4a6dd0cc82f
- http://git.kernel.org/linus/79545b681961d7001c1f4c3eb9ffb87bed4485db
- http://git.kernel.org/linus/55349790d7cbf0d381873a7ece1dcafcffd4aaa9
- http://git.kernel.org/linus/6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9
- http://git.kernel.org/linus/8eae939f1400326b06d0c9afe53d2a484a326871
- http://git.kernel.org/linus/a3a858ff18a72a8d388e31ab0d98f7e944841a62
- http://git.kernel.org/linus/c377411f2494a931ff7facdbb3a6839b1266bcf6
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2011-0303.html
- https://rhn.redhat.com/errata/RHSA-2011-0542.html
- https://access.redhat.com/security/cve/CVE-2010-4251
- https://access.redhat.com/security/cve/CVE-2010-4805
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4805
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c377411f2494a931ff7facdbb3a6839b1266bcf6
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=657303
- https://rhn.redhat.com/errata/RHSA-2011-0883.html
- https://security-tracker.debian.org/tracker/CVE-2010-4251
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
- https://nvd.nist.gov/vuln/detail/CVE-2010-4251
- https://ubuntu.com/security/CVE-2010-4251
- collector/nvd-historical
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4251
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/event
- agent/description
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/4.1
- version/vmware esx/4.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/4.0
- package-manager/debian