| The vulnerability occurs in the netlabel subsystem, specifically in the `cipso_v4_map_lvl_valid()` and `netlbl_bitmap_walk()` functions. These functions contain out-of-bounds memory accesses, which can lead to undefined behavior and potential security issues. |
| The issue is caused by simple programming errors, where arrays are accessed with invalid indices. The fixes involve modifying the indexing logic to ensure that array accesses are within bounds. |
| This vulnerability was introduced in Linux kernel version 2.6.19 and fixed in various subsequent versions, including 3.16.66, 3.18.137, 4.4.177, 4.9.163, 4.14.106, 4.19.28, 4.20.15, and 5.0. |
