The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
The product divides a value by zero.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.37 (excluding) |
Linux_kernel | Linux | 2.6.37 (including) | 2.6.37 (including) |
Linux_kernel | Linux | 2.6.37-rc1 (including) | 2.6.37-rc1 (including) |