Race condition in the do_add_counters function in netfilter for Linux
kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read
kernel memory by triggering the race condition in a way that produces a
size value that is inconsistent with allocated memory, which leads to a
buffer over-read in IPT_ENTRY_ITERATE.
Updated: 2016-01-26 17:25:54 UTC (commit 10507)