Linux · Linux Kernel · CVE-2006-1368
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 2.6.16
**Description**
The issue is related to a buffer overflow in the USB Gadget RNDIS implementation. This can be exploited by remote attackers to cause a denial of service, resulting in kmalloc'd memory corruption. The exploitation occurs via a remote NDIS response to OID GEN SUPPORTED LIST, leading to memory allocation for the reply data without allocating memory for the reply structure.
**Recommendations**
For Linux kernel versions prior to 2.6.16, update to version 2.6.16 or later to resolve the issue.