CVE-2012-2744
Published: 10 July 2012
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.
From the Ubuntu Security Team
An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded.
Notes
Author | Note |
---|---|
jdstrand | linux-armadaxp is maintained by OEM commit is from 2010. Ubuntu 10.04 LTS confirmed as not affected downgrading to 'medium' (and therefore will follow the standard kernel cadence update process). This is a 2 year old fix that only affects Ubuntu 8.04 LTS when using IPv6. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
hardy |
Released
(2.6.24-32.104)
|
lucid |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
(3.1.0-1.1)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2012-1064.html Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
(3.2.0-1600.1)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
upstream |
Released
(2.6.34~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
(3.0.0-1401.2)
|
|
upstream |
Released
(2.6.34~rc1)
|