Linux Kernel Bridge Multicast Implementation Denial of Service Vulnerability

Linux Kernel Bridge Multicast Implementation Denial of Service Vulnerability

CVE-2013-4129 · MEDIUM Severity

AV:L/AC:M/AU:N/C:N/I:N/A:C

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.