CVE-2011-4326
Severity CVSS v4.0: Pending analysis
Type: CWE-399 Resource Management Errors
Publication date: 17/05/2012
Last modified: 11/04/2025
Description
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
Impact
Base Score 2.0: 7.10
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 2.6.39 (excluding) |
| cpe:2.3:o:avaya:96x1_ip_deskphone_firmware:*:*:*:*:*:*:*:* | 6.0.0 (including) | 6.6.0 (including) |
| cpe:2.3:h:avaya:96x1_ip_deskphone:-:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://downloads.avaya.com/css/P8/documents/100156038
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3Da9cf73ea7ff78f52662c8658d93c226effbbedde
- http://www.openwall.com/lists/oss-security/2011/11/21/10
- http://www.securityfocus.com/bid/50751
- https://bugzilla.redhat.com/show_bug.cgi?id=682066
- https://bugzilla.redhat.com/show_bug.cgi?id=755584
- https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbbedde



