Published: 06 October 2011
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.
From the Ubuntu security team
It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service.
redhat bug has a mention of a regression, need to check
the regression was triggered by a poor backport and fixed by "Fix broken backport for IPv6 tunnels in 2.6.32-longterm kernels."