Use-after-free

2020-04-1000:43:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.048 Low

EPSS

Percentile

92.8%

JSON

The kernel is vulnerable to use-after-free. Due to a flaw found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation, if a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic.

CPENameOperatorVersion
kerneleq2.6.18__8.1.14.el5
kerneleq2.6.18__92.1.17.el5
kerneleq2.6.18__128.1.14.el5
kerneleq2.6.18__128.29.1.el5
kerneleq2.6.18__164.el5
kerneleq2.6.18__92.1.22.el5
kerneleq2.6.18__164.10.1.el5
kerneleq2.6.18__8.1.8.el5
kerneleq2.6.18__53.1.4.el5
kerneleq2.6.18__164.6.1.el5

Name	Operator	Version
kernel	eq	2.6.18__8.1.14.el5
kernel	eq	2.6.18__92.1.17.el5
kernel	eq	2.6.18__128.1.14.el5
kernel	eq	2.6.18__128.29.1.el5
kernel	eq	2.6.18__164.el5
kernel	eq	2.6.18__92.1.22.el5
kernel	eq	2.6.18__164.10.1.el5
kernel	eq	2.6.18__8.1.8.el5
kernel	eq	2.6.18__53.1.4.el5
kernel	eq	2.6.18__164.6.1.el5