|The Linux kernel 2.6.0 through 188.8.131.52, and 2.4.4 through 184.108.40.206,
does not initialize all function pointers for socket operations in
proto_ops structures, which allows local users to trigger a NULL
pointer dereference and gain privileges by using mmap to map page
zero, placing arbitrary code on this page, and then invoking an
unavailable operation, as demonstrated by the sendpage operation
(sock_sendpage function) on a PF_PPPOX socket.