CVE-2010-4165
22.11.2010, 13:00
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 2.6.37 |
| linux | linux_kernel | 2.6.37 |
| linux | linux_kernel | 2.6.37:rc1 |
| opensuse | opensuse | 11.2 |
| opensuse | opensuse | 11.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||||
| linux-ec2 |
| ||||||||||||
| linux-fsl-imx51 |
| ||||||||||||
| linux-lts-backport-maverick |
| ||||||||||||
| linux-lts-backport-natty |
| ||||||||||||
| linux-mvl-dove |
| ||||||||||||
| linux-source-2.6.15 |
| ||||||||||||
| linux-ti-omap4 |
|
Common Weakness Enumeration
References