VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 8, 2013· Updated Apr 29, 2026

CVE-2011-3593

CVE-2011-3593

Description

A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the Linux kernel's VLAN handling on RHEL 6 allows remote attackers to crash the system via priority-tagged VLAN frames.

Vulnerability

The vulnerability resides in the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c of the Linux kernel 2.6.32 as shipped with Red Hat Enterprise Linux 6. It was introduced by a Red Hat patch that incorrectly backported upstream changes. When the kernel receives a priority-tagged VLAN frame (VID=0), it triggers a panic, leading to a system crash [1][2].

Exploitation

An attacker needs only network access to send crafted VLAN frames with a priority tag (VID=0) to a vulnerable system. No authentication or user interaction is required. The attacker sends such frames, and upon processing, the kernel panics, causing an immediate denial of service [1].

Impact

Successful exploitation results in a denial of service (system crash), affecting the availability of the targeted system. There is no evidence of information disclosure, data corruption, or privilege escalation [1][2].

Mitigation

Red Hat addressed this issue in a kernel update for Red Hat Enterprise Linux 6. The fix was committed and released; users should apply the latest kernel updates from Red Hat. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1][2].

References
  1. fix panic when handling priority tagged frames
  2. security - CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.