[原文]The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 22.214.171.124 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.
Linux Kernel ctnetlink ip_conntrack_proto_tcp.c Multiple Function DoS
Local Access Required
Denial of Service
Loss of Availability
Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered via a message without ICMP ID (ICMP_ID) information or via an update message without private protocol information, and will result in loss of availability for the platform.
Upgrade to version 126.96.36.199 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.