The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
3.13.0-142.191, 4.4.0-96.119~14.04.1, 4.4.0-96.119, 4.4.0-1035.44, 4.13.0-1005.7, 4.13.0-1002.5, 4.4.0-1031.31, 4.13.0-32.35~16.04.1, 4.4.0-1074.82, 4.4.0-1076.81

Exploitability: AV:L AC:L PR:L UI:N
Scope: S:U
Impact: C:N I:N A:H
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H