The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
3.13.0-123.1724.4.0-83.106~14.04.14.4.0-83.1064.4.0-1022.314.4.0-1018.184.10.0-32.36~16.04.14.4.0-1061.694.4.0-1063.685.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 moreExploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H