Race condition in the do_add_counters function in netfilter for Linux
kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read
kernel memory by triggering the race condition in a way that produces a
size value that is inconsistent with allocated memory, which leads to a
buffer over-read in IPT_ENTRY_ITERATE.
Updated: 2012-06-01 15:16:50 UTC (commit 5347)