Resource management errors in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2006-5619 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management errors
EUVDB-ID: #VU95226
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-5619
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform service disruption.
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttp://lkml.org/lkml/2006/11/5/46
http://rhn.redhat.com/errata/RHSA-2007-0014.html
http://secunia.com/advisories/22665
http://secunia.com/advisories/22754
http://secunia.com/advisories/23370
http://secunia.com/advisories/23384
http://secunia.com/advisories/23474
http://secunia.com/advisories/23593
http://secunia.com/advisories/23752
http://secunia.com/advisories/23997
http://secunia.com/advisories/24206
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.securityfocus.com/archive/1/451097/100/0/threaded
http://www.securityfocus.com/bid/20847
http://www.ubuntu.com/usn/usn-395-1
http://www.us.debian.org/security/2006/dsa-1233
http://www.vupen.com/english/advisories/2006/4297
http://exchange.xforce.ibmcloud.com/vulnerabilities/29970
http://issues.rpath.com/browse/RPL-760
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9311
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
