NetApp Denial of Service Vulnerability
Severity Level: Medium
Date: 20/08/2024
Ref: CERT / 2024/08/75
Components Affected
- Active IQ Unified Manager for VMware vSphere
- E-Series SANtricity OS Controller Software 11.x
- ONTAP tools for VMware vSphere 9
Overview
A vulnerability was identified in a NetApp product. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.
Description
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
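The following check is an added example, not part of the original advisory or of NetApp's tooling: on a Linux host it compares the current IPv6 dst entry count with the route max_size threshold named above, so an operator can see how close a pre-6.3 kernel is to returning "network is unreachable". Assumptions: procfs is readable, the release string follows upstream numbering (vendor backports are not detected), and the function names and the 0.8 warning ratio are hypothetical.

```python
import re
from pathlib import Path

FIXED = (6, 3)  # the advisory states that kernels before 6.3 are affected


def kernel_before_fix(release: str) -> bool:
    """True if a release string such as '5.15.0-91-generic' is older than 6.3."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2))) < FIXED


def dst_entries(rt6_stats: str) -> int:
    """IPv6 dst entry count: the sixth of seven hex fields in /proc/net/rt6_stats."""
    fields = rt6_stats.split()
    if len(fields) < 7:
        raise ValueError("expected 7 hex fields in rt6_stats")
    return int(fields[5], 16)


def assess(release: str, rt6_stats: str, max_size: int, warn_ratio: float = 0.8) -> dict:
    """Classify how close the host is to the IPv6 route max_size threshold."""
    used = dst_entries(rt6_stats)
    ratio = used / max_size if max_size > 0 else 0.0
    if not kernel_before_fix(release):
        status = "not-affected-by-version"
    elif used >= max_size:
        status = "at-limit"      # new IPv6 route allocations are likely failing
    elif ratio >= warn_ratio:    # warn_ratio is an assumed alerting threshold
        status = "near-limit"
    else:
        status = "ok"
    return {"status": status, "dst_entries": used, "max_size": max_size}


if __name__ == "__main__":
    # Live values from procfs on the host being checked.
    release = Path("/proc/sys/kernel/osrelease").read_text().strip()
    stats = Path("/proc/net/rt6_stats").read_text()
    max_size = int(Path("/proc/sys/net/ipv6/route/max_size").read_text())
    print(assess(release, stats, max_size))
```

A version-based "not affected" result reflects the release string only; the vendor fix level for an appliance still has to be confirmed against the vendor's advisory.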
Impact
- Denial of Service
Solution/Workarounds
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
NetApp Security Fix
Reference
Disclaimer
The information provided herein is on an "as-is" basis, without warranty of any kind.