In the Linux kernel, the following vulnerability has been resolved:
phonet: fix rtmphonetnotify() skb allocation
fill_route() stores three components in the skb:
Therefore, rtmphonetnotify() should use
NLMSGALIGN(sizeof(struct rtmsg)) + nlatotalsize(1) + nlatotal_size(4)