Updated: 2026-02-27 03:23:34.474492
Description:
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.8 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 7 ELS | kernel | 3.10.0 | 7.5 | HIGH | Released | 2025-11-05 04:52:50 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.5 | HIGH | Released | CLSA-2025:1762244592 | 2025-11-05 04:57:56 |