An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. References: https://github.com/torvalds/linux/commit/7690aa1cdf7c4565ad6b013b324c28b685505e24 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8
The affected code was not introduced into any kernel versions shipped with Red Hat Enterprise Linux making this vulnerable not applicable to these platforms.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-36691