CVE-2011-0716
Published: 12 January 2012
The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface.
From the Ubuntu Security Team
A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
maverick |
Released
(2.6.35-32.66)
|
|
natty |
Not vulnerable
(2.6.38-5.32)
|
|
oneiric |
Not vulnerable
(2.6.39-0.0)
|
|
precise |
Not vulnerable
(3.1.0-1.1)
|
|
upstream |
Released
(2.6.38~rc6)
|
|
Patches: Introduced by eb1d16414339a6e113d89e2cca2556005d7ce919 |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
(3.2.0-1600.1)
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(2.6.35-32.66~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.38-5.32~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(3.0.0-5.6~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
maverick |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.38~rc6)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Released
(2.6.35-903.31)
|
|
natty |
Not vulnerable
(2.6.38-1203.4)
|
|
oneiric |
Not vulnerable
(2.6.38-1309.13)
|
|
precise |
Not vulnerable
(3.0.0-1401.2)
|
|
upstream |
Released
(2.6.38~rc6)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0716
- https://www.redhat.com/archives/rhsa-announce/2011-April/msg00007.html
- https://ubuntu.com/security/notices/USN-1379-1
- https://ubuntu.com/security/notices/USN-1387-1
- https://ubuntu.com/security/notices/USN-1394-1
- NVD
- Launchpad
- Debian