It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container.
4.15.0-1202.217~16.04.14.15.0-1186.203~16.04.14.15.0-251.263~16.04.14.15.0-1155.166~16.04.1