An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers array which, in turn, allows userland to take over control while in kernel mode.
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 915057]
This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and 6.
This issue was addressed in Red Hat Enterprise MRG 2 via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
kernel-3.7.9-205.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.7.9-104.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
MRG for RHEL-6 v.2
Via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
The upstream sha1 is 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0