The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 2.6.38.8 (including) |
| Linux_kernel | Linux | 2.6.38 (including) | 2.6.38 (including) |
| Linux_kernel | Linux | 2.6.38-rc1 (including) | 2.6.38-rc1 (including) |
| Linux_kernel | Linux | 2.6.38-rc2 (including) | 2.6.38-rc2 (including) |
| Linux_kernel | Linux | 2.6.38-rc3 (including) | 2.6.38-rc3 (including) |
| Linux_kernel | Linux | 2.6.38-rc4 (including) | 2.6.38-rc4 (including) |
| Linux_kernel | Linux | 2.6.38-rc5 (including) | 2.6.38-rc5 (including) |
| Linux_kernel | Linux | 2.6.38-rc6 (including) | 2.6.38-rc6 (including) |
| Linux_kernel | Linux | 2.6.38-rc7 (including) | 2.6.38-rc7 (including) |
| Linux_kernel | Linux | 2.6.38-rc8 (including) | 2.6.38-rc8 (including) |
| Linux_kernel | Linux | 2.6.38.1 (including) | 2.6.38.1 (including) |
| Linux_kernel | Linux | 2.6.38.2 (including) | 2.6.38.2 (including) |
| Linux_kernel | Linux | 2.6.38.3 (including) | 2.6.38.3 (including) |
| Linux_kernel | Linux | 2.6.38.4 (including) | 2.6.38.4 (including) |
| Linux_kernel | Linux | 2.6.38.5 (including) | 2.6.38.5 (including) |
| Linux_kernel | Linux | 2.6.38.6 (including) | 2.6.38.6 (including) |
| Linux_kernel | Linux | 2.6.38.7 (including) | 2.6.38.7 (including) |
| Linux | Ubuntu | maverick | * |
| Linux | Ubuntu | natty | * |
| Linux | Ubuntu | oneiric | * |
| Linux | Ubuntu | upstream | * |
| Linux-ec2 | Ubuntu | maverick | * |
| Linux-ec2 | Ubuntu | upstream | * |
| Linux-fsl-imx51 | Ubuntu | upstream | * |
| Linux-lts-backport-maverick | Ubuntu | lucid | * |
| Linux-lts-backport-maverick | Ubuntu | upstream | * |
| Linux-lts-backport-natty | Ubuntu | lucid | * |
| Linux-lts-backport-natty | Ubuntu | upstream | * |
| Linux-lts-backport-oneiric | Ubuntu | lucid | * |
| Linux-lts-backport-oneiric | Ubuntu | upstream | * |
| Linux-mvl-dove | Ubuntu | upstream | * |
| Linux-ti-omap4 | Ubuntu | maverick | * |
| Linux-ti-omap4 | Ubuntu | natty | * |
| Linux-ti-omap4 | Ubuntu | oneiric | * |
| Linux-ti-omap4 | Ubuntu | upstream | * |