The __scm_destroy function in net/core/scm.c in the Linux kernel 188.8.131.52,
2.6.26, and earlier makes indirect recursive calls to itself through calls
to the fput function, which allows local users to cause a denial of service
(panic) via vectors related to sending an SCM_RIGHTS message through a UNIX
domain socket and closing file descriptors.
It was discovered that the Unix Socket handler did not correctly process
the SCM_RIGHTS message. A local attacker could make a malicious socket
request that would crash the system, leading to a denial of service.
kees> raised priority due to public PoC
Updated: 2016-03-23 03:32:33 UTC (commit 10817)