PROBLEM:
Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability
PLATFORM:
Linux Kernel 3.2.x
ABSTRACT:
The Linux kernel is prone to a remote denial-of-service vulnerability.
reference LINKS:
Secunia Advisory SA50081
Bugtraq ID: 54763
Vulnerability Report: Linux Kernel 3.2.x
The Linux Kernel Archives
Original Advisory
CVE-2012-3412
IMPACT ASSESSMENT:
Medium
Discussion:
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the Solarflare network driver (drivers/net/ethernet/sfc/tx.c) when handling TCP segments and can be exploited via a malicious peer.
Impact:
Successful exploitation requires TCP Segmentation Offload (TSO) to be enabled (default). Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.
Solution:
Updates are available, please visit: Linux kernel Homepage