The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPTSOSET_REPLACE setsockopt call.
{ "urgency": "not yet assigned" }