Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Exploitability
AV:LAC:LPR:NUI:NScope
S:UImpact
C:HI:HA:H8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H