SUSE CVE-2013-1828
The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...