Bugzilla – Bug 132750
VUL-0: CVE-2005-3274: kernel: local dos in virtual server / ip_vs_conn_flush on SMP
Last modified: 2021-11-03 15:25:44 UTC
CVE-2005-3274 Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
CONFIRM: http://lkml.org/lkml/2005/6/23/249
CONFIRM: http://lkml.org/lkml/2005/6/24/173
We have VS enabled. Not sure if we need or want to fix this.
It's fairly low risk, but adding it seems a good idea before it is made public. Your call.
I think it's not worth the hassle. ip_vs_conn_flush is called during rmmod - so we're talking about a connection expiring at the moment the admin rmmod's the module. How likely is that? -> WONTFIX please
I agree.
CVE-2005-3274: CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)