CVE-2010-0006 : The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabl

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.

Published 2010-01-26 18:30:01

Updated 2023-02-13 02:20:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-0006

Probability of exploitation activity in the next 30 days: 1.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2010-0006

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2010-0006

Red Hat 2010-01-28

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not have support for network namespaces, and did not include upstream commit 483a47d2 that introduced the problem.

References for CVE-2010-0006

https://bugzilla.redhat.com/show_bug.cgi?id=555217

555217 – (CVE-2010-0006) CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60
http://security-tracker.debian.org/tracker/CVE-2010-0006

CVE-2010-0006
Third Party Advisory
http://www.securityfocus.com/bid/37810

Linux Kernel 'ipv6_hop_jumbo()' Remote Denial of Service Vulnerability
Mailing List;Third Party Advisory;VDB Entry
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4

404: File not found
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/01/14/2

oss-security - CVE-2010-0006 - kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()
Third Party Advisory
http://cert.fi/en/reports/2010/vulnerability341748.html

Etusivu | Kyberturvallisuuskeskus
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html

[SECURITY] Fedora 11 Update: kernel-2.6.30.10-105.2.4.fc11
Mailing List;Third Party Advisory

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=300951

300951 – (CVE-2010-0006) Kernel: ipv6: skb_dst() can be NULL (CVE-2010-0006)
Third Party Advisory
http://marc.info/?l=linux-netdev&m=126343325807340&w=2

'[PATCH]: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().' - MARC
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2010-0006