Description
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Linux / Kernel2.6.22.17 – 2.6.22.17
References
- MISChttp://rhn.redhat.com/errata/RHSA-2017-0323.html
- MISChttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51
- MISChttp://rhn.redhat.com/errata/RHSA-2017-0347.html
- MISChttp://www.securitytracker.com/id/1037909
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634
- MISChttp://rhn.redhat.com/errata/RHSA-2017-0346.html
- MISChttp://www.securityfocus.com/bid/96529