CVE-2013-4470
The MITRE CVE dictionary describes this issue as:
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
Find out more about CVE-2013-4470 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.
CVSS v2 metrics
| Base Score | 7.2 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 6.4 (kernel) | RHSA-2014:0284 | 2014-03-11 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2013:1801 | 2013-12-12 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2014:0100 | 2014-01-28 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Acknowledgements
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.CVE description copyright © 2017, The MITRE Corporation