Race condition in the do_add_counters function in netfilter for Linux
kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read
kernel memory by triggering the race condition in a way that produces a
size value that is inconsistent with allocated memory, which leads to a
buffer over-read in IPT_ENTRY_ITERATE.
Updated: 2016-03-23 03:26:13 UTC (commit 10817)