The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
Exploitability
AV:LAC:LAu:NImpact
C:NI:NA:C4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C