Error in the "ip_ctloutput()" function can be exploited by using the "getsockopt()" to retrieve IPsec credentials for a socket.
vulners.com/securityvulns/securityvulns:doc:8909