Mark J. Cox in a RedHat bug: Tavis Ormandy and Julien Tinnes, Google Security Team reported that Kernels <= 2.6.18.8 are vulnerable to a NULL pointer dereference issue when using MSG_MORE on udp sockets.
CVE-2009-2698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2698): The UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.