By setting a specific socket option, an attacker can control a pointer in kernel land and cause a general protection fault, or potentially execute arbitrary code. The issue can be triggered by running the included POC as root, inside a default LXC container or with
CAP_NET_ADMIN privileges. This issue was confirmed on Debian Stretch (kernel 4.9.168), however Debian have advised that this issue also affects older kernel versions. This issue may also be triggered by a low privileged user that can unshare their user and network namespaces.