CVE-2009-4272

Published: Jan 27, 2010Modified: Apr 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.

Affected (6)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation, Virtualization

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linux Linux Kernel	Version 2.6.18

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 5.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Virtualization	Version 5.0

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (24)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=73e42897e8e5619eacb787d2ce69be12f47cfc21

Source: secalert@redhat.com

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b6280b47a7a42970d098a3059f4ebe7e55e90d8d

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/css/P8/documents/100073666

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2010/01/20/1

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2010/01/20/6

Source: secalert@redhat.com

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=545411

Source: secalert@redhat.com

ExploitIssue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/55808

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11167

Source: secalert@redhat.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7026

Source: secalert@redhat.com

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Source: secalert@redhat.com

Vendor Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=73e42897e8e5619eacb787d2ce69be12f47cfc21

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b6280b47a7a42970d098a3059f4ebe7e55e90d8d

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://support.avaya.com/css/P8/documents/100073666

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.openwall.com/lists/oss-security/2010/01/20/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2010/01/20/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=545411

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/55808

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11167

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7026

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.