Denial of Service Vulnerability in Linux Kernel 2.6.18 on Red Hat Enterprise Linux
CVE-2009-4272

7.5HIGH

Key Information:

Vendor

Linux
Status
Linux Kernel
Enterprise Linux
Vendor
CVE Published:
27 January 2010

What is CVE-2009-4272?

A vulnerability in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 enables remote attackers to trigger a denial of service through specially crafted packets. This issue arises from a flaw in the routing system that causes collisions in the IPv4 routing hash table, leading to a node deadlock scenario. This vulnerability is noteworthy as it stems from the improper handling of emergency routing situations, where an excessive hash chain length can prompt system instability. Users are encouraged to update their systems to mitigate the risk associated with this vulnerability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=545411
x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100073666
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.