ADVISORY!

TLP : CLEAR

Date : 20/08/2024

REF NO : CERT / 2024/08/75

NetApp Denial of Service Vulnerability

Severity Level: Medium

Components Affected

  • Active IQ Unified Manager for VMware vSphere
  • E-Series SANtricity OS Controller Software 11.x
  • ONTAP tools for VMware vSphere 9
 

Overview

A vulnerability was identified in a NetApp product. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.

Description

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
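The following monitoring sketch is an added example, not part of the original advisory or any vendor tooling. It compares a Linux host's IPv6 route entry count with the max_size threshold described above, so that exhaustion can be alerted on before "network is unreachable" errors appear. Assumptions: the sixth hexadecimal field of /proc/net/rt6_stats is the entry count the kernel checks against net.ipv6.route.max_size, the 80% warning ratio is an arbitrary choice, and the sample lines are constructed.

```python
"""Report IPv6 route-entry headroom against net.ipv6.route.max_size."""
from pathlib import Path

RT6_STATS = Path("/proc/net/rt6_stats")
MAX_SIZE = Path("/proc/sys/net/ipv6/route/max_size")

# Constructed sample lines in the seven-field hex layout of rt6_stats.
SAMPLE_QUIET = "0012 000a 0031 0014 0002 0040 0000"
SAMPLE_FULL = "0012 000a 2f10 0014 0ff0 1001 0000"


def parse_rt6_stats(text):
    """Return the entry count (assumed: sixth hex field of rt6_stats)."""
    fields = text.split()
    if len(fields) < 6:
        raise ValueError(f"unexpected rt6_stats format: {text!r}")
    return int(fields[5], 16)


def assess(stats_text, max_size_text, warn_ratio=0.8):
    """Classify route-entry usage as 'ok', 'warn' or 'exhausted'."""
    entries = parse_rt6_stats(stats_text)
    max_size = int(max_size_text.strip())
    if max_size <= 0:
        raise ValueError("max_size must be positive")
    ratio = entries / max_size
    if entries > max_size:
        state = "exhausted"   # new route allocations are expected to fail
    elif ratio >= warn_ratio:
        state = "warn"        # approaching the threshold
    else:
        state = "ok"
    return {"entries": entries, "max_size": max_size,
            "ratio": round(ratio, 3), "state": state}


if __name__ == "__main__":
    if RT6_STATS.exists() and MAX_SIZE.exists():
        # Live values from the local host.
        print(assess(RT6_STATS.read_text(), MAX_SIZE.read_text()))
    else:
        # Fall back to the constructed samples so the script runs anywhere.
        print(assess(SAMPLE_QUIET, "4096"))
        print(assess(SAMPLE_FULL, "4096"))
```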

Impact

  • Denial of Service

Solution/ Workarounds

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC