VYPR
Unrated severity · NVD Advisory · Published Jan 11, 2006 · Updated Jun 16, 2026

CVE-2006-0035

Description

The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

  • Linux/Kernel (3 versions)
    • cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
    • (no CPE) range: 2.6.14, 2.6.15

Vulnerability mechanics

Root cause

"Missing validation of the nlmsg_len field in netlink_rcv_skb() allows a value of 0 to cause an infinite loop."

Attack vector

A local user sends a crafted Netlink message with the `nlmsg_len` field set to 0 [ref_id=1]. The `netlink_rcv_skb()` function fails to validate this value, causing an infinite loop when processing the message [ref_id=1]. This results in a denial of service (DoS) condition on the affected system [ref_id=1]. No special privileges beyond local access are required.

Affected code

The vulnerability resides in the `netlink_rcv_skb()` function in `af_netlink.c` in the Linux kernel [ref_id=1]. The advisory states that there is "missing validation of the 'nlmsg_len' value" in this function [ref_id=1].

What the fix does

The advisory does not include a patch diff, but the remediation involves adding proper validation of the `nlmsg_len` field in `netlink_rcv_skb()` to reject messages with a length of 0 [ref_id=1]. The fix was included in kernel version 2.6.15.1-1tr as shipped by Trustix [ref_id=1]. Without this check, a zero-length `nlmsg_len` causes the message parsing loop to never advance, resulting in an infinite loop.
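
The stall described above, as an added example in userspace C (not the kernel's code and not taken from the advisory): one walker over back-to-back messages, run once trusting the length field and once with the length check. `struct msg_hdr`, `walk_messages`, `MALFORMED` and `STALLED` are hypothetical names, the header is constructed to mirror the `struct nlmsghdr` field layout, and the step cap stands in for the hang so the demo terminates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed header with the same field layout as struct nlmsghdr (16 bytes). */
struct msg_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };

#define HDR_LEN   ((uint32_t)sizeof(struct msg_hdr))
#define ALIGN4(n) (((n) + 3u) & ~3u)
#define MALFORMED (-1)   /* hypothetical: length field rejected */
#define STALLED   (-2)   /* hypothetical: cursor made no progress */

/* Walk a buffer of back-to-back messages and return how many were seen.
 * With validate == 0 the length field is trusted, so len == 0 advances the
 * cursor by 0 bytes and the same header is parsed again on every pass. */
int walk_messages(const uint8_t *buf, size_t buflen, int validate)
{
    size_t off = 0;
    int count = 0, steps = 0;

    while (buflen - off >= HDR_LEN) {
        struct msg_hdr h;
        memcpy(&h, buf + off, sizeof h);      /* avoid unaligned reads */
        if (validate && (h.len < HDR_LEN || h.len > buflen - off))
            return MALFORMED;                 /* reject before advancing */
        if (++steps > 1000)
            return STALLED;                   /* cap replaces the real hang */
        count++;
        size_t adv = ALIGN4(h.len);
        if (adv > buflen - off)               /* clamp on the last message */
            adv = buflen - off;
        off += adv;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: one valid 16-byte message, then a header with len 0. */
    struct msg_hdr msgs[2] = { { 16, 1, 0, 1, 0 }, { 0, 1, 0, 2, 0 } };
    printf("unchecked: %d\n", walk_messages((const uint8_t *)msgs, sizeof msgs, 0));
    printf("checked:   %d\n", walk_messages((const uint8_t *)msgs, sizeof msgs, 1));
    return 0;
}
```

The check rejects any length smaller than the header itself, not only 0, because every such value leaves the cursor short of the next header.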

Preconditions

  • auth: Attacker must have local access to the system
  • input: Attacker must be able to send Netlink messages (typically requires no special privileges beyond local user access)

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
