Description
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-July/112454.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/07/15/4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-July/112619.html
Exploit, Patch x_refsource_confirm
https://github.com/torvalds/linux/commit/307f2fb95e9b96b3577916e73d92e104f8f26494
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61166
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=984664
Patch x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=307f2fb95e9b96b3577916e73d92e104f8f26494
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028780
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85645
Scores
EPSS
0.0123
EPSS Percentile
79.2%
Details
CWE
CWE-399
Status
published
Products (44)
linux/linux_kernel
3.0 rc1 (7 CPE variants)
linux/linux_kernel
3.0.1
linux/linux_kernel
3.0.2
linux/linux_kernel
3.0.3
linux/linux_kernel
3.0.4
linux/linux_kernel
3.0.5
linux/linux_kernel
3.0.6
linux/linux_kernel
3.0.7
linux/linux_kernel
3.0.8
linux/linux_kernel
3.0.9
... and 34 more
Published
Jul 15, 2013
Tracked Since
Feb 18, 2026