CVE-2010-4805

Priority
Description
The socket implementation in net/core/sock.c in the Linux kernel before
2.6.35 does not properly manage a backlog of received packets, which allows
remote attackers to cause a denial of service by sending a large amount of
network traffic, related to the sk_add_backlog function and the
sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2010-4251.
Ubuntu-Description
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service.
Notes
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Patches:
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
Package
Upstream:released (2.6.35~rc1)
More Information

Updated: 2019-12-05 20:56:10 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)