CVE-2006-1368

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.16

Description The issue is related to a buffer overflow in the USB Gadget RNDIS implementation. This can be exploited by remote attackers to cause a denial of service, resulting in kmalloc'd memory corruption. The exploitation occurs via a remote NDIS response to OID GEN SUPPORTED LIST, leading to memory allocation for the reply data without allocating memory for the reply structure.

Recommendations For Linux kernel versions prior to 2.6.16, update to version 2.6.16 or later to resolve the issue.