The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
3.13.0-123.1724.4.0-83.106~14.04.14.4.0-83.1064.4.0-1022.314.4.0-1018.184.10.0-32.36~16.04.14.4.0-1061.694.4.0-1063.685.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 moreExploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H