Description: Denial of service by sending IPv6 UFO packet through tap
References:
Notes:
 bwh> Bug was introduced in 3.2.63 (and 3.4.101) by the backport of
 bwh> commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") which
 bwh> assumes ipv6_select_ident() is called with a non-null struct
 bwh> rt6_info pointer.  That was not true as they were missing commit
 bwh> 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data").
 bwh> Neither the upstream kernel nor any other stable branch had this
 bwh> bug.
Bugs: #766195
upstream: N/A
2.6.32-upstream-stable: N/A
sid: N/A
3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/all/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch]
2.6.32-squeeze-security: N/A
3.16-upstream-stable: N/A
3.2-upstream-stable: released (3.2.64)