New Search

Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20 when IPV6_RECVPKTINFO is set on a listening socket allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state which is not properly handled causes the skb structure to be freed.

oval:org.mitre.oval:def:9878

Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20 when IPV6_RECVPKTINFO is set on a listening socket allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state which is not properly handled and causes the skb structure to be freed.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • Oracle Linux 5
  • CentOS Linux 5
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2010-1188
Product(s):