PT-2013-1402 · Linux+1 · Linux Kernel+1

Published 2011-10-20 · Updated 2023-02-13 · CVE-2011-2942

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel version 2.6.18 on Red Hat Enterprise Linux (RHEL) 5

Description

The issue is related to a certain Red Hat patch to the `__br_deliver` function in `net/bridge/br_forward.c` in the Linux kernel. It allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have other unspecified impacts. The attack relies on connectivity to a network interface that uses an Ethernet bridge device.

Recommendations

For Linux kernel version 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, consider applying a patch to fix the issue in the `__br_deliver` function. As a temporary workaround, restrict access to network interfaces that use Ethernet bridge devices to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2011-2942
RHSA-2011:1386
RHSA-2011_1386

Affected Products

Linux Kernel
Red Hat