From Victor Julien: There exists a way to crash the Linux kernel by sending a single IPv6 packet at it.
Created attachment 187121 [details] Linus thinks this patch fixed it upstream (not verified)
Note, no RHEL tree is affected to this. This bug has been introduced with the patch [IPV6]: Per-interface statistics support. which was accepted in 2.6.20 therefore the vulnerable code was never included in any of our releases.