Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c 
in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

3.3-3.8