7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
72.8%
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux
kernel before 3.2.24 allows remote attackers to cause a denial of service
(kernel resource consumption) via a flood of SYN+FIN TCP packets, a
different vulnerability than CVE-2012-2663.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
bugzilla.redhat.com/show_bug.cgi?id=826702
github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa
launchpad.net/bugs/cve/CVE-2012-6638
nvd.nist.gov/vuln/detail/CVE-2012-6638
security-tracker.debian.org/tracker/CVE-2012-6638
ubuntu.com/security/notices/USN-1514-1
ubuntu.com/security/notices/USN-1529-1
ubuntu.com/security/notices/USN-1651-1
ubuntu.com/security/notices/USN-1653-1
www.cve.org/CVERecord?id=CVE-2012-6638