PT-2010-1048 · Linux+1 · Linux Kernel+2
Eugene Teo · Published 2010-03-29 · Updated 2017-09-19
CVE-2010-1188
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.6 before 2.6.20
Red Hat Enterprise Linux kernel versions 2.4.21
Description
The issue is a use-after-free vulnerability in the Linux kernel, specifically in the net/ipv4/tcp_input.c file. Remote attackers can exploit it to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening state. The vulnerability is triggered when the IPV6_RECVPKTINFO option is set on a listening socket and the socket is not properly handled, causing the skb structure to be freed. Additionally, there are multiple vulnerabilities in the Red Hat Enterprise Linux kernel package, which can lead to a disruption of protected information and can be exploited remotely.
Recommendations
For Linux kernel versions 2.6 before 2.6.20, update to version 2.6.20 or later to resolve the issue.
For Red Hat Enterprise Linux kernel versions 2.4.21, update to a newer version that includes the necessary security patches to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable kernel modules to minimize the risk of exploitation.
Fix
DoS
Improper Validation of Array Index
Affected Products
Linux Kernel
Red Hat
Red Hat Enterprise Linux Kernel