CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:N/I:N/A:C
EPSS
Percentile
0.4%
The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel
before 2.6.20, and possibly other versions, allows local users to cause a
denial of service (oops) by calling setsockopt with the IPV6_RTHDR option
name and possibly a zero option length or invalid option value, which
triggers a NULL pointer dereference.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | linux-source-2.6.15 | < 2.6.15-29.58 | UNKNOWN |
ubuntu | 6.10 | noarch | linux-source-2.6.17 | < 2.6.17.1-12.40 | UNKNOWN |
ubuntu | 7.04 | noarch | linux-source-2.6.20 | < 2.6.20-16.31 | UNKNOWN |