CVE-2005-2973
Description
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*
- (no CPE)range: <2.6.14-rc5
Patches
Vulnerability mechanics
Root cause
"An infinite loop occurs when binding IPv6 UDP ports with a zero port number if the IPv6 stack cannot find any free UDP ports."
Attack vector
A local attacker can trigger this vulnerability by repeatedly attempting to bind to IPv6 UDP ports. The vulnerability is triggered when the system runs out of available UDP ports within the local port range and a subsequent attempt is made to bind with a zero port number. This leads to an infinite loop within the `udp_v6_get_port` function, eventually causing a denial of service.
Affected code
The vulnerability resides in the `udp_v6_get_port` function within the `udp.c` file of the Linux kernel. The proof-of-concept code demonstrates this by repeatedly calling the `bind_udpv6_port` function, which internally uses `bind` with a zero port number to trigger the issue.
What the fix does
The advisory indicates that Linux kernel versions 2.6.14 and later are not vulnerable. The provided reference includes a commit hash for a fix, suggesting that the issue was resolved by modifying the port allocation logic in the kernel's UDPv6 implementation. This change likely prevents the infinite loop condition when no free ports are available.
Preconditions
- configThe system must be running an IPv6-enabled Linux kernel version prior to 2.6.14.
- authThe attacker must have local access to the system.
Reproduction
The provided reference [ref_id=1] includes a proof-of-concept code that can be compiled and executed to demonstrate the vulnerability.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
34- linux.bkbits.net:8080/linux-2.6/cset%404342df67SNhRx_3FGhUrrU-FXLlQIAnvd
- secunia.com/advisories/17261nvd
- secunia.com/advisories/17280nvd
- secunia.com/advisories/17917nvd
- secunia.com/advisories/17918nvd
- secunia.com/advisories/18562nvd
- secunia.com/advisories/18684nvd
- secunia.com/advisories/19185nvd
- secunia.com/advisories/19369nvd
- secunia.com/advisories/19374nvd
- secunia.com/advisories/20237nvd
- secunia.com/advisories/21745nvd
- support.avaya.com/elmodocs2/security/ASA-2006-161.htmnvd
- www.debian.org/security/2006/dsa-1017nvd
- www.debian.org/security/2006/dsa-1018nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/20163nvd
- www.redhat.com/support/errata/RHSA-2006-0140.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0190.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0191.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0493.htmlnvd
- www.securityfocus.com/advisories/9549nvd
- www.securityfocus.com/advisories/9555nvd
- www.securityfocus.com/advisories/9806nvd
- www.securityfocus.com/archive/1/419522/100/0/threadednvd
- www.securityfocus.com/archive/1/427980/100/0/threadednvd
- www.securityfocus.com/archive/1/428028/100/0/threadednvd
- www.securityfocus.com/archive/1/428058/100/0/threadednvd
- www.securityfocus.com/bid/15156nvd
- www.vupen.com/english/advisories/2005/2173nvd
- bugzilla.redhat.com/bugzilla/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10041nvd
- usn.ubuntu.com/219-1/nvd
News mentions
0No linked articles in our index yet.