Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.