From ${URL} : Linux kernel built with the TCP/IP networking support(CONFIG_NET) is vulnerable to a NULL pointer dereference flaw. It could occur via a plain read(2) call on a ping socket. Usage of ping sockets is generally restricted to privileged users. A user/program able to read from ping sockets could use this flaw to crash a system resulting in DoS. Upstream fix: ------------- -> https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
CVE-2013-6432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6432): The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.
Fix in 3.12.4