Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability
The Linux kernel is prone to a local buffer-overflow vulnerability because the kernel fails to properly bounds-check user-supplied input before using it in a memory copy operation.
Exploiting this issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.
This issue is exploitable only by local users who have superuser privileges or have the CAP_NET_ADMIN capability. This issue is therefore a security concern only if computers run virtualization software that allows users to have superuser access to guest operating systems or if the CAP_NET_ADMIN capability is given to untrusted users.
Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.