CVE-2009-2909 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2909): Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.