Linux kernel is vulnerable to the Linux kernel since 3.6-rc1 with ‘net.ipv4.tcp_fastopen’ set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls. Local users could cause an application crash via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10
www.openwall.com/lists/oss-security/2016/11/11/3
www.openwall.com/lists/oss-security/2016/11/30/3
www.securityfocus.com/bid/94264
www.securitytracker.com/id/1037285
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
access.redhat.com/errata/RHSA-2017:1842
access.redhat.com/errata/RHSA-2017:2077
access.redhat.com/errata/RHSA-2017:2669
access.redhat.com/security/cve/CVE-2016-10741
access.redhat.com/security/cve/CVE-2016-8645
access.redhat.com/security/cve/CVE-2017-2584
access.redhat.com/security/cve/CVE-2017-5551
access.redhat.com/security/cve/CVE-2017-7495
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1377840
bugzilla.redhat.com/show_bug.cgi?id=1378172
bugzilla.redhat.com/show_bug.cgi?id=1389215
bugzilla.redhat.com/show_bug.cgi?id=1393904
bugzilla.redhat.com/show_bug.cgi?id=1400188
bugzilla.redhat.com/show_bug.cgi?id=1414052
bugzilla.redhat.com/show_bug.cgi?id=1421801
bugzilla.redhat.com/show_bug.cgi?id=1421810
bugzilla.redhat.com/show_bug.cgi?id=1425780
bugzilla.redhat.com/show_bug.cgi?id=1426661
bugzilla.redhat.com/show_bug.cgi?id=1427626
bugzilla.redhat.com/show_bug.cgi?id=1427647
bugzilla.redhat.com/show_bug.cgi?id=1427991
bugzilla.redhat.com/show_bug.cgi?id=1428890
bugzilla.redhat.com/show_bug.cgi?id=1428943
bugzilla.redhat.com/show_bug.cgi?id=1429610
bugzilla.redhat.com/show_bug.cgi?id=1429640
bugzilla.redhat.com/show_bug.cgi?id=1429951
bugzilla.redhat.com/show_bug.cgi?id=1429977
bugzilla.redhat.com/show_bug.cgi?id=1430023
bugzilla.redhat.com/show_bug.cgi?id=1430038
bugzilla.redhat.com/show_bug.cgi?id=1430074
bugzilla.redhat.com/show_bug.cgi?id=1430353
bugzilla.redhat.com/show_bug.cgi?id=1430926
bugzilla.redhat.com/show_bug.cgi?id=1430946
bugzilla.redhat.com/show_bug.cgi?id=1431104
bugzilla.redhat.com/show_bug.cgi?id=1432118
bugzilla.redhat.com/show_bug.cgi?id=1434616
bugzilla.redhat.com/show_bug.cgi?id=1438512
bugzilla.redhat.com/show_bug.cgi?id=1441552
bugzilla.redhat.com/show_bug.cgi?id=1452240
bugzilla.redhat.com/show_bug.cgi?id=1459056
github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3