ALAS-2013-252 ---- kernelID: oval:org.secpod.oval:def:1600214 | Date: (C)2016-05-19 (M)2024-02-19 |
Class: PATCH | Family: unix |
The Linux kernel before 3.12, when UDP Fragmentation Offload is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service via a small value in the IHL field of a packet with IPIP encapsulation.
Platform: |
Amazon Linux AMI |