Denial Of Service (DoS)

2020-04-1001:11:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw in the xfrm6_tunnel_rcv() function in the Linux kernel’s IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash.

CPENameOperatorVersion
kerneleq2.6.18__8.1.6.el5
kerneleq2.6.18__128.1.1.el5
kerneleq2.6.18__53.1.21.el5
kerneleq2.6.18__128.1.14.el5
kerneleq2.6.18__164.11.1.el5
kerneleq2.6.18__194.26.1.el5
kerneleq2.6.18__128.30.1.el5
kerneleq2.6.18__8.1.15.el5
kerneleq2.6.18__274.18.1.el5
kerneleq2.6.18__8.1.14.el5

Name	Operator	Version
kernel	eq	2.6.18__8.1.6.el5
kernel	eq	2.6.18__128.1.1.el5
kernel	eq	2.6.18__53.1.21.el5
kernel	eq	2.6.18__128.1.14.el5
kernel	eq	2.6.18__164.11.1.el5
kernel	eq	2.6.18__194.26.1.el5
kernel	eq	2.6.18__128.30.1.el5
kernel	eq	2.6.18__8.1.15.el5
kernel	eq	2.6.18__274.18.1.el5
kernel	eq	2.6.18__8.1.14.el5