Upstream information
Description
The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 4.7 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Note from the SUSE Security Team
This issue was introduced after Linux kernel 2.6.33 and fixed in Linux kernel 2.6.38. Only openSUSE 11.4 would have been affected, but it had a fix already. No SUSE Linux Enterprise product carried the affected code. SUSE Bugzilla entry: 768321 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Fri Jun 28 04:27:29 2013CVE page last modified: Mon Oct 6 18:16:59 2025