CVE-2010-0437

Linux Kernel < 2.6.27 - Denial of Service via IPv6 TUN Network Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0437. PoCs published by Rémi Denis-Courmont.

AI-analyzed exploit summary: This exploit targets a local denial-of-service vulnerability in the Linux kernel by creating a TUN/TAP interface and flooding it with IPv6 packets, potentially causing a kernel crash. The PoC demonstrates the issue by spawning threads that send UDP packets and read from the TUN device.

Description

The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rémi Denis-Courmont · c · dos · linux
https://www.exploit-db.com/exploits/33635

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (versions affected by CVE-2010-0437)
No auth needed
Prerequisites: Local access to the target system · Ability to create TUN/TAP interfaces · IPv6 support enabled
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0147.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10061
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/02/11/1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43315
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=563781
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39033
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/03/04/4
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0161.html

Scores

EPSS 0.1210
EPSS Percentile 95.6%

Details

Status published
Products (46)
linux/linux_kernel 2.6.0
linux/linux_kernel 2.6.1
linux/linux_kernel 2.6.2
linux/linux_kernel 2.6.3
linux/linux_kernel 2.6.4
linux/linux_kernel 2.6.5
linux/linux_kernel 2.6.6
linux/linux_kernel 2.6.7
linux/linux_kernel 2.6.8
linux/linux_kernel 2.6.8.1
... and 36 more
Published Mar 24, 2010
Tracked Since Feb 18, 2026