7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
71.2%
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in
Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of
service (kernel oops) via an update message without private protocol
information, which triggers a null dereference.