Published: 11/01/2011 Updated: 25/08/2020
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 633
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 up to and including 2.6.33 allows remote malicious users to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Vulnerability Trend

Vendor Advisories

Multiple kernel flaws have been fixed ...
Multiple kernel flaws have been fixed ...
An attacker could send crafted input to the kernel and cause it to crash ...