by pjc50 3360 days ago
If I've understood this correctly, it turns it into a local privilege escalation opportunity: run a vulnerable application as the user, use the exploit to get code execution in the kernel.
3 comments

Yes, that's my understanding as well: user space code using a given syscall with given parameters triggers the kernel exploit.
Yeah, but there is still a little bit of explicit usage of recvfrom() with MSG_PEEK

https://codesearch.debian.net/search?q=recvfrom+.*+MSG_PEEK

And probably more implicit

https://codesearch.debian.net/search?q=recv+.*+MSG_PEEK

The use in wget seems a little scary.
I believe you've misread the article, first line:

> udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic....
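
The code searches linked in the thread match `recvfrom`/`recv` and `MSG_PEEK` on a single line, so they miss calls whose arguments wrap across lines. As an added example (not from the thread or from any project mentioned in it), this Python sketch audits C source for recv-family calls that pass `MSG_PEEK` literally, including multi-line calls; the function names and the sample source are constructed for illustration.

```python
import re

# recv-family calls from the POSIX socket API that take a flags argument.
CALL = re.compile(r'\b(recv|recvfrom|recvmsg)\s*\(')
# C comments and string literals, which must not count as matches.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def strip_noise(src):
    """Blank out comments and strings, keeping newlines so line numbers hold."""
    return NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def find_peek_calls(src):
    """Return (line, function) for each recv-family call naming MSG_PEEK."""
    code = strip_noise(src)
    hits = []
    for m in CALL.finditer(code):
        # Walk to the matching close paren so wrapped arguments are included.
        depth, i = 1, m.end()
        while i < len(code) and depth:
            depth += {'(': 1, ')': -1}.get(code[i], 0)
            i += 1
        args = code[m.end():i - 1]
        if re.search(r'\bMSG_PEEK\b', args):
            line = code.count('\n', 0, m.start()) + 1
            hits.append((line, m.group(1)))
    return hits

# Constructed sample source, not taken from any real project.
SAMPLE = r'''/* constructed sample for the audit script */
ssize_t a(int fd, char *buf, size_t n) {
    return recv(fd, buf, n, 0 /* not MSG_PEEK */);
}
ssize_t b(int fd, char *buf, size_t n, struct sockaddr *sa, socklen_t *sl) {
    return recvfrom(fd, buf, n,
                    MSG_PEEK | MSG_DONTWAIT,
                    sa, sl);
}
ssize_t c(int fd, char *buf, size_t n) {
    return recv(fd, buf, n, MSG_PEEK);
}
'''

if __name__ == "__main__":
    for line, func in find_peek_calls(SAMPLE):
        print(f"line {line}: {func}() called with MSG_PEEK")
```

A call that receives its flags through a variable or macro is not reported, so treat the output as a lower bound when triaging which packages to review.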