Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
4af31b963bddcf331a7037ea35c40e4fbfd445f815d8756856219abad1f16c71