
郭永刚

#39319 of 53,633
7 Total CVSS
Vulnerabilities · 1
PT-2015-3393
7.0
2015-12-17
Linux · Linux Kernel · CVE-2015-8543
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions through 4.3.3

**Description**

The issue is related to the networking implementation in the Linux kernel, which does not properly validate protocol identifiers for certain protocol families. This can be exploited by local users to cause a denial of service, resulting in a system crash due to a NULL function pointer dereference. It is also possible for attackers to gain privileges by executing a crafted `SOCK_RAW` application, leveraging `CLONE_NEWUSER` support. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

**Recommendations**

For Linux kernel versions through 4.3.3, update to a version newer than 4.3.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.