What is CVE-2006-0454?

CVE-2006-0454 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.0 out of 10. CVE-2006-0454 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2006-0454?

CVE-2006-0454 has a CVSS score of 5.0 out of 10, rated Medium severity. The vector string is AV:N/AC:L/Au:N/C:N/I:N/A:P.

Is there a patch available for CVE-2006-0454?

No patch is currently available for CVE-2006-0454. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2006-0454 actively exploited?

CVE-2006-0454 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2006-0454

Medium

Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

Package Linux Kernel

Published 2006-02-07

Last modified 2026-04-16

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

5.0

out of 10

Medium

Attack Vector

Network

Attack Complexity

Low

Privileges Required

User Interaction

Scope

Confidentiality

Low

Integrity

None

Availability

Vector string

AV:N/AC:L/Au:N/C:N/I:N/A:P

Weakness type

CWE-399

CVE-2006-0454 is classified as CWE-399

See CWE-399 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2006-0454 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Marc
http://marc.info/?l=linux-kernel&m=113927617401569&w=2
Marc
http://marc.info/?l=linux-kernel&m=113927648820694&w=2
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3
Mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:040
Securityfocus
http://www.securityfocus.com/archive/1/427981/100/0/threaded
Trustix
http://www.trustix.org/errata/2006/0006

Vendor Advisory
Ubuntu Security
http://www.ubuntu.com/usn/usn-250-1
Vupen
http://www.vupen.com/english/advisories/2006/0464

Vendor Advisory
Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/24575
Kernel patch commit
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002909.html
Patch
Kernel patch commit
http://secunia.com/advisories/18766
Patch
Kernel patch commit
http://secunia.com/advisories/18774
Patch

9 patch commits total View all on NVD

Details

CVE ID CVE-2006-0454

Severity Medium

CVSS score 5.0 / 10

CVSS version 2.0

Published 2006-02-07

Modified 2026-04-16

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2006-0454?

CVE-2006-0454 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.0 out of 10 . CVE-2006-0454 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2006-0454?

CVE-2006-0454 has a CVSS score of 5.0 out of 10, rated Medium severity (CVSS 2.0). The vector string is AV:N/AC:L/Au:N/C:N/I:N/A:P.
Is there a patch available for CVE-2006-0454?

No patch is currently available for CVE-2006-0454. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2006-0454 actively exploited?

No — CVE-2006-0454 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.