The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-4470 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.
Base Score | 7.2 |
---|---|
Base Metrics | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Extended Update Support 6.4 (kernel) | RHSA-2014:0284 | 2014-03-11 |
Red Hat Enterprise Linux 6 (kernel) | RHSA-2013:1801 | 2013-12-12 |
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2014:0100 | 2014-01-28 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 7 | kernel | Not affected |
Red Hat Enterprise Linux 5 | kernel | Not affected |