The vulnerability is in the operating system's IP stack and any feature that uses services offered by the IP stack to parse IP packets is affected. The vulnerability occurs when the affected software attempts to obtain Layer 4 information of a malformed IP packet, causing the netstack process to terminate unexpectedly and resulting in a DoS condition.
Only transit traffic may trigger the vulnerability; malformed IP packets destined to the device running the affected software do not trigger this vulnerability. Additionally, the vulnerability can be triggered by UDP or TCP connections.
An unauthenticated, remote attacker could exploit this vulnerability by sending malformed IP packets through the targeted device. When processed, the malformed IP packets could cause the device to stop responding, resulting in a DoS condition.