The __scm_destroy function in net/core/scm.c in the Linux kernel 220.127.116.11,
2.6.26, and earlier makes indirect recursive calls to itself through calls
to the fput function, which allows local users to cause a denial of service
(panic) via vectors related to sending an SCM_RIGHTS message through a UNIX
domain socket and closing file descriptors.
It was discovered that the Unix Socket handler did not correctly process
the SCM_RIGHTS message. A local attacker could make a malicious socket
request that would crash the system, leading to a denial of service.
kees> raised priority due to public PoC
Updated: 2015-10-17 03:31:10 UTC (commit 10086)