A netlink message with nlmsg_len set to 0 can cause an infinite loop holding the netlink semaphore, therefore allowing a local unprivileged DoS. Here is the upstream fix for this issue:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf526718862196
We have not verified if this issue affects RHEL4.
Not relevant to any of our products, as the cleanup that introduced this bug is not in any of our trees.
Confirmed, commit of vulnerable code 20051110 therefore only affected 2.6.14+; submitted clarification to CVE project.
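
The failure mode reported above, a receive loop that advances by an unvalidated nlmsg_len, can be reproduced in user space. This is an added illustration, not the kernel code or the upstream fix; `struct hdr`, `walk` and `build_sample` are hypothetical names, and the iteration cap exists only so the unchecked variant terminates.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the netlink header layout, so the example builds anywhere. */
struct hdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags; uint32_t nlmsg_seq, nlmsg_pid; };
#define HDRLEN ((uint32_t)sizeof(struct hdr))
#define ALIGN4(n) (((n) + 3u) & ~3u)
#define WALK_STALLED   (-1)  /* iteration cap hit: the loop made no progress */
#define WALK_MALFORMED (-2)  /* checked walk rejected a bad length */

/* Walk a buffer of messages. check_len=0 models a loop that trusts nlmsg_len;
 * check_len=1 validates it before advancing. Returns the message count. */
int walk(const unsigned char *buf, size_t len, int check_len, int max_iter)
{
    int count = 0;
    size_t off = 0;
    while (len - off >= HDRLEN) {
        struct hdr h;
        memcpy(&h, buf + off, HDRLEN);
        if (check_len && (h.nlmsg_len < HDRLEN || h.nlmsg_len > len - off))
            return WALK_MALFORMED;
        if (count == max_iter)
            return WALK_STALLED;
        count++;
        size_t step = ALIGN4(h.nlmsg_len);
        if (step > len - off)
            step = len - off;
        off += step;  /* step is 0 when nlmsg_len is 0: offset never moves */
    }
    return count;
}

/* Constructed sample: one valid 20-byte message, then a bare header whose
 * nlmsg_len is second_len. buf must hold 36 bytes; returns bytes written. */
size_t build_sample(unsigned char *buf, uint32_t second_len)
{
    struct hdr a = { HDRLEN + 4, 0, 0, 1, 0 }, b = { second_len, 0, 0, 2, 0 };
    memset(buf, 0, 36);
    memcpy(buf, &a, HDRLEN);
    memcpy(buf + 20, &b, HDRLEN);
    return 36;
}

int main(void)
{
    unsigned char buf[36];
    size_t n = build_sample(buf, 0);
    printf("unchecked: %d, checked: %d\n", walk(buf, n, 0, 1000), walk(buf, n, 1, 1000));
    return 0;
}
```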