An issue was discovered in the Linux kernel before 4.18.11. The ipddpioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAPNETADMIN to read the ipddproute dev and next fields via an SIOCFINDIPDDPRT ioctl call.