CVE-2011-2699

high

Description

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

References

Advisories
More

https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c

https://bugzilla.redhat.com/show_bug.cgi?id=723429

http://www.securitytracker.com/id?1027274

http://www.openwall.com/lists/oss-security/2011/07/20/5

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c

Details

Source: Mitre, NVD

Published: 2012-05-24

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00752