CVE-2011-3593
Published: 15 December 2011
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
From the Ubuntu Security Team
Gideon Naim discovered a flaw in the Linux kernel's handling VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service.
Notes
Author | Note |
---|---|
apw | https://bugzilla.redhat.com/show_bug.cgi?id=742846 fixed by 3701e51382a026cba10c60b03efabe534fba4ca4 introduced by e1c096e251e52773afeffbbcb74d0a072be47ea3 the actual fix is a switch from using vlan_dev_real_dev to vlan_find_dev |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.37~rc1)
|
hardy |
Not vulnerable
|
|
lucid |
Released
(2.6.32-35.78)
|
|
maverick |
Released
(2.6.35-30.60)
|
|
natty |
Not vulnerable
(2.6.37-2.9)
|
|
oneiric |
Not vulnerable
(2.6.39-0.0)
|
|
precise |
Not vulnerable
(3.1.0-1.1)
|
|
quantal |
Not vulnerable
(3.1.0-1.0)
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1465.html Introduced by e1c096e251e52773afeffbbcb74d0a072be47ea3 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.37~rc1)
|
hardy |
Does not exist
|
|
lucid |
Released
(2.6.32-319.39)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(2.6.32-219.37)
|
|
maverick |
Released
(2.6.32-419.37)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
(3.2.0-1600.1)
|
|
quantal |
Not vulnerable
(3.2.0-1602.5)
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(2.6.31-611.29)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(2.6.35-30.60~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.38-1.27~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(3.0.0-5.6~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Released
(2.6.37~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Released
(2.6.35-903.25)
|
|
natty |
Not vulnerable
(2.6.38-1201.2)
|
|
oneiric |
Not vulnerable
(2.6.38-1309.13)
|
|
precise |
Not vulnerable
(3.0.0-1401.2)
|
|
quantal |
Not vulnerable
(3.0.0-1401.2)
|
|
upstream |
Released
(2.6.37~rc1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3593
- https://ubuntu.com/security/notices/USN-1253-1
- https://ubuntu.com/security/notices/USN-1220-1
- https://ubuntu.com/security/notices/USN-1239-1
- https://ubuntu.com/security/notices/USN-1227-1
- https://ubuntu.com/security/notices/USN-1245-1
- https://ubuntu.com/security/notices/USN-1241-1
- https://ubuntu.com/security/notices/USN-1240-1
- https://ubuntu.com/security/notices/USN-1219-1
- NVD
- Launchpad
- Debian