PT-2011-1072 · Linux+2 · Linux Kernel+2

Eugene Teo · Published 2011-03-01 · Updated 2023-02-13 · CVE-2011-1093

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.38
kernel-kdumppae (affected versions not specified)

Description

The issue is related to the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel. Specifically, the dccp_rcv_state_process function does not properly handle packets for a CLOSED endpoint. This can be exploited by remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. Additionally, multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise may lead to disruption of protected information availability, and these vulnerabilities can be exploited remotely.

Recommendations

For Linux kernel versions prior to 2.6.38: Update to version 2.6.38 or later to resolve the issue.
For kernel-kdumppae: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2015-04607
CVE-2011-1093
DSA-2264-1
RHSA-2011:0498
RHSA-2011:0500
RHSA-2011:0833
RHSA-2011_0498
RHSA-2011_0833

Affected Products

Linux Kernel
Red Hat
Kernel-Kdumppae