link_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.
大概說,這個函數可以允許local user發出壹個拒絕服務,此時nlmsg字段為0.
具體我也不清楚什麽是local user,nlmsg又是哪個結構體裏的字段...內核的網絡部分還沒看...