The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9487
http://www.securityfocus.com/bid/13267
http://www.securityfocus.com/archive/1/427980/100/0/threaded
http://www.securityfocus.com/archive/1/419522/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2005-366.html