Race condition in the do_add_counters function in netfilter for Linux
kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read
kernel memory by triggering the race condition in a way that produces a
size value that is inconsistent with allocated memory, which leads to a
buffer over-read in IPT_ENTRY_ITERATE.
Updated: 2015-10-17 03:25:17 UTC (commit 10086)