NOTE: We have not verified if this issue affects RHEL3. +++ This bug was initially created as a clone of Bug #177496 +++ A netlink message with nlmsg_len set to 0 can cause an infinite loop holding the netlink semaphore therefore allowing a local unprivileged DoS. Here is the upstream fix for this issue: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf526718862196
RHEL3 is not affected, the bug was introduced in a cleanup that never made it into RHEL3.