CVE-2012-2744

Published: 10 July 2012

net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.

From the Ubuntu security team

An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded.

Status

Notes

linux-armadaxp is maintained by OEM
commit is from 2010. Ubuntu 10.04 LTS confirmed as not affected
downgrading to 'medium' (and therefore will follow the standard
kernel cadence update process). This is a 2 year old fix that only affects
Ubuntu 8.04 LTS when using IPv6.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2744
• https://rhn.redhat.com/errata/RHSA-2012-1064.html
• https://ubuntu.com/security/notices/USN-1507-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=833402
• https://launchpad.net/bugs/1023532