The IPv6 netfilter subsystem in the Linux kernel through 4.6.2 does not validate certain offset fields, which allows local users to escalade privileges via an IP6T_SO_SET_REPLACE compat setsockopt call The page https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997 has updated their Description and References sections Discussion on oss-sec: http://www.openwall.com/lists/oss-security/2016/09/29/10
*** This bug has been marked as a duplicate of bug 1349722 ***