This CVE addresses two commits, one in the ipv6 stack and the other in l2tp. There is two introduced commits one is 85cb73f ("net: ipv6: reset daddr and dport in sk if connect() fails") was merged in 4.12 and the other commit 3557baa ("[L2TP]: PPP over L2TP driver core") was merged in 2.6.23-rc1.
Fixed commits have been merged since 4.16-rc7 so 4.16 or later kernels don't affect this vulnerability.
Commit 2f987a76("net: ipv6: keep sk status consistent after datagram connect failure") fixes 85cb73f and commit b954f940("l2tp: fix races with ipv4-mapped ipv6 addresses") fixes commit 3557baa.
To apply patches to 4.4, it needs to fix conflicts.
CVSS v3 score is not provided.
Fixed status
mainline: [2f987a76a97773beafbc615b9c4d8fe79129a7f4, b954f94023dcc61388c8384f0f14eb8e42c863c5] stable/4.4: not fixed yet
Others are fixed, but this one may be worth watching. Fortunately it is not remote attack, AFAICT.
Best regards, Pavel -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
