CVE-2013-2232

Published: 4 July 2013

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

From the Ubuntu security team

A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
• https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2
• https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3
• http://www.openwall.com/lists/oss-security/2013/07/02/5
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a963a37d384d71ad43b3e9e79d68d42fbe0901f3
• https://ubuntu.com/security/notices/USN-1912-1
• https://ubuntu.com/security/notices/USN-1913-1
• https://ubuntu.com/security/notices/USN-1938-1
• https://ubuntu.com/security/notices/USN-1943-1
• https://ubuntu.com/security/notices/USN-1942-1
• https://ubuntu.com/security/notices/USN-1944-1
• https://ubuntu.com/security/notices/USN-1945-1
• https://ubuntu.com/security/notices/USN-1941-1
• https://ubuntu.com/security/notices/USN-1947-1
• https://ubuntu.com/security/notices/USN-1946-1
• NVD
• Launchpad
• Debian

Bugs

• https://launchpad.net/bugs/1198293