Description
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
Report
To trigger this issue, the attacker must be on the local network, and both IPv6 and the parameter net.ipv6.conf.[NIC].accept_ra must be enabled. By default, net.ipv6.conf.[NIC].accept_ra is disabled for Red Hat Enterprise Linux. In the default configuration, only local attacks are possible. The bug was introduced upstream by commit 3dec89b14d37 ("net/ipv6: Remove expired routes with a separated list of routes.").
Mitigation
The remote attack is potentially possible in the local network only. It is not possible if the parameter net.ipv6.conf.[NIC].accept_ra is disabled. Check this parameter's value with the command cat /proc/sys/net/ipv6/conf/default/accept_ra or /proc/sys/net/ipv6/conf/eth0/accept_ra (where eth0 is the name of the networking interface). If you cannot run this or a similar command and the parameter accept_ra is not available, then IPv6 is disabled. If IPv6 is not being used, it can be disabled completely; instructions for doing so are at https://access.redhat.com/solutions/8709
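The check described above, extended to every interface, as an added example that is not part of the original advisory. The function name ra_exposure and its optional root-directory argument are assumptions made here; the handling of accept_ra values 1 and 2 against the forwarding setting follows the kernel's ip-sysctl documentation and goes beyond the single cat command on the page.

```shell
#!/bin/sh
# Added example (not from the advisory): report which interfaces would
# accept ICMPv6 router advertisements, based on the sysctl tree.
#
# ra_exposure [conf_root]
#   conf_root defaults to /proc/sys/net/ipv6/conf; the argument is an
#   assumption of this example so the function can be pointed at a copy.
# Prints "<iface> <status>" per interface, where status is one of
#   accepts-ra  RAs are processed on this interface
#   ra-off      accept_ra is 0, or 1 with forwarding enabled
#   ipv6-off    disable_ipv6 is 1 for this interface
# Prints "ipv6-disabled" if the tree is absent (IPv6 disabled entirely).
# Returns 1 if at least one interface accepts RAs, otherwise 0.
ra_exposure() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    if [ ! -d "$root" ]; then
        echo "ipv6-disabled"
        return 0
    fi
    exposed=0
    for dir in "$root"/*/; do
        [ -f "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        off=$(cat "${dir}disable_ipv6" 2>/dev/null || echo 0)
        if [ "$off" = "1" ]; then
            status="ipv6-off"
        # accept_ra=2 overrides forwarding; accept_ra=1 applies only
        # while forwarding is disabled on the interface.
        elif [ "$ra" = "2" ] || { [ "$ra" = "1" ] && [ "$fwd" = "0" ]; }; then
            status="accepts-ra"
            exposed=1
        else
            status="ra-off"
        fi
        echo "$iface $status"
    done
    return "$exposed"
}
```

Calling ra_exposure with no argument audits the live system; the "default" entry it lists is the value new interfaces inherit.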
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
| Red Hat Virtualization 4 | kernel | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
Kernel: icmpv6 router advertisement packets aka linux tcp/ip remote code execution vulnerability