oss-sec mailing list archives

Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding


From: cve-assign () mitre org
Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)


The Linux kernel is vulnerable to a crash on hosts that accept router
advertisements. An unlimited number of routes can be created from
router advertisements.

A remote attacker in the same layer 2 segment can cause a crash from
memory exhaustion by flooding router advertisements to a target
machine.

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39

http://patchwork.ozlabs.org/patch/327515/

Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is
not affected, you might want to test though as I have only tested this
with a 2.6.x kernel" in the
http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By
mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a
CVE assignment from October 2012. We only mean that this
c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x
might have been suggested but not tested in 2012.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
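
A defender-side check for the condition described in the message above, as an added example that is not part of the original post or of the kernel fix: it counts, per interface, the routes in `/proc/net/ipv6_route` that carry the `RTF_ADDRCONF` flag (routes created from router advertisements). The sample routing table and the alert limit of 64 are constructed assumptions.

```python
from collections import Counter

RTF_ADDRCONF = 0x00040000  # linux/ipv6_route.h: route installed by addrconf (RA)

# Constructed sample in /proc/net/ipv6_route layout:
# dst plen src plen nexthop metric refcnt use flags dev
Z = "0" * 32
GW = "fe80" + "0" * 27 + "1"
SAMPLE = "\n".join([
    f"20010db8000100000000000000000000 40 {Z} 00 {Z} 00000100 00000001 00000000 004c0001 eth0",
    f"20010db8000200000000000000000000 40 {Z} 00 {Z} 00000100 00000001 00000000 004c0001 eth0",
    f"{Z} 00 {Z} 00 {GW} 00000400 00000001 00000000 00450003 eth0",  # RA default route
    f"fe800000000000000000000000000000 40 {Z} 00 {Z} 00000100 00000001 00000000 00000001 eth0",
    f"{'0' * 31}1 80 {Z} 00 {Z} 00000000 00000001 00000000 80200001 lo",
])

def ra_routes_per_device(table_text):
    """Return a Counter of RA-derived routes keyed by interface name."""
    counts = Counter()
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) != 10:
            continue  # not a route line in the expected layout
        try:
            flags = int(fields[8], 16)
        except ValueError:
            continue
        if flags & RTF_ADDRCONF:
            counts[fields[9]] += 1
    return counts

def over_limit(counts, limit):
    """Interfaces whose RA-derived route count exceeds the limit."""
    return {dev: n for dev, n in counts.items() if n > limit}

if __name__ == "__main__":
    try:
        with open("/proc/net/ipv6_route") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off-Linux
    counts = ra_routes_per_device(text)
    for dev, n in sorted(counts.items()):
        print(f"{dev}: {n} route(s) learned from router advertisements")
    for dev, n in over_limit(counts, 64).items():  # 64 is an assumed limit
        print(f"WARNING {dev}: {n} RA routes, possible RA flood")
```
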

