Date: Fri, 7 Mar 2014 13:45:10 +0100 From: Sabrina Dubroca <sd@...asysnail.net> To: oss-security@...ts.openwall.com Cc: hannes@...essinduktion.org Subject: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding The Linux kernel is vulnerable to a crash on hosts that accept router advertisements. An unlimited number of routes can be created from router advertisements. A remote attacker in the same layer 2 segment can cause a crash from memory exhaustion by flooding router advertisements to a target machine. Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39 The patch is pending for stable. http://patchwork.ozlabs.org/patch/327515/ Introduced by: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0 This commit appeared in 3.0. Thanks, -- Sabrina Dubroca
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.