PT-2005-1046 · Linux · Linux Kernel

Published: 2005-12-31 · Updated: 2017-10-11 · CVE-2006-2446

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.9

Description

The issue is related to multiple vulnerabilities in the Linux kernel that can be exploited remotely to cause a denial of service, disrupting the availability of protected information. A race condition between the kfree_skb and skb_unlink functions in socket buffer handling allows remote attackers to crash the system, as demonstrated using TCP stress tests.

Recommendations

For Linux kernel version 2.6.9 and possibly other affected versions, consider applying a patch that fixes the race condition between the kfree_skb and skb_unlink functions to prevent remote denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-03499
CVE-2006-2446
DSA-1183-1
DSA-1184-2
RHSA-2006:0575
RHSA-2006_0575

Affected Products

Linux Kernel
Red Hat