net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.37 (excluding) |
Linux_kernel | Linux | 2.6.37 (including) | 2.6.37 (including) |
Linux_kernel | Linux | 2.6.37-rc1 (including) | 2.6.37-rc1 (including) |