From ${URL} : Description Saran Neti has reported a vulnerability in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "udp6_ufo_fragment()" function (net/ipv6/udp_offload.c) and can be exploited to cause a kernel panic via specially crafted UDP packets. Successful exploitation requires the kernel to be built with the IPv6 protocol (CONFIG_IPV6) support and an Ethernet driver (e.g. virtio-net) with the UDP Fragmentation Offload (UFO) feature enabled using TBF qdisc. The vulnerability is reported in versions 3.10.19 and 3.11.8. Solution: Fixed in the source code repository. Further details available to Secunia VIM customers Provided and/or discovered by: Saran Neti, TELUS Security Labs via the linux-netdev mailing list. Original Advisory: Saran Neti: http://marc.info/?l=linux-netdev&m=138305762205012&w=2
CVE-2013-4563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4563): The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
Fix in 3.12.4 onwards