CVE-2011-4348

Linux Kernel < 2.6.29 - Denial of Service via SCTP Packet Race Condition

Title source: llm

Description

Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.

References (5)

Core 5

Core References

Patch x_refsource_confirm

https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6

Various Sources x_refsource_confirm

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ae53b5bd77719fed58086c5be60ce4f22bffe1c6

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/03/05/2

Vendor Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=757143

Scores

EPSS 0.0218

EPSS Percentile 80.1%

Details

CWE

CWE-362

Status published

Products (11)

linux/linux_kernel 2.6.28

linux/linux_kernel 2.6.28.1

linux/linux_kernel 2.6.28.2

linux/linux_kernel 2.6.28.3

linux/linux_kernel 2.6.28.4

linux/linux_kernel 2.6.28.5

linux/linux_kernel 2.6.28.6

linux/linux_kernel 2.6.28.7

linux/linux_kernel 2.6.28.8

linux/linux_kernel 2.6.28.9

... and 1 more

Published Jun 08, 2013

Tracked Since Feb 18, 2026