CVE-2008-3686

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.6.26-rc4 through 2.6.26.2

Description The issue allows local users to cause a denial of service, resulting in a kernel OOPS, via IPv6 requests when no IPv6 input device is in use. This is due to a NULL pointer dereference triggered by the rt6 fill node function in net/ipv6/route.c.

Recommendations For Linux kernel versions 2.6.26-rc4 through 2.6.26.2, consider restricting IPv6 requests when no IPv6 input device is in use as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.