The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.
https://bugzilla.redhat.com/show_bug.cgi?id=698057
http://www.securityfocus.com/bid/47835
http://openwall.com/lists/oss-security/2011/04/25/4
http://openwall.com/lists/oss-security/2011/04/22/2
http://openwall.com/lists/oss-security/2011/04/21/7
http://openwall.com/lists/oss-security/2011/04/21/2
http://openwall.com/lists/oss-security/2011/04/21/1