kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.

It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...