PT-2019-7019 · Arista+2 · Eoskernel+2

David S. Miller

Published

2013-11-05

Updated

2021-11-17

CVE-2013-7470

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.11.7 EosKernel-3.4

Description The issue allows attackers to cause a denial of service, resulting in an infinite loop and crash. This can be triggered remotely through the network by sending certain malformed packets, specifically IP packets with rarely used packet options. The exposure is specific to certain EOS releases that use the affected EosKernel-3.4.

Recommendations For Linux kernel versions prior to 3.11.7, update to version 3.11.7 or later to resolve the issue. For EosKernel-3.4, follow the resolution steps documented in the relevant sections for the affected Arista EOS versions. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2013-1053

ALT-PU-2014-1422

CVE-2013-7470

Affected Products

Alt Linux

Eoskernel

Linux Kernel

PT-2019-7019 · Arista+2 · Eoskernel+2

CVE-2013-7470

Weakness Enumeration

Related Identifiers

Affected Products

References · 165