[LU-6964] Kernel update for RHEL7.1 [3.10.0-229.11.1.el7] Created: 05/Aug/15  Updated: 11/Sep/18  Resolved: 11/Sep/18

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Minor
Reporter: Bob Glossman (Inactive)
Assignee: Bob Glossman (Inactive)
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Related
Severity: 3

 Description   
  • An integer overflow flaw was found in the way the Linux kernel's
    netfilter connection tracking implementation loaded extensions. An attacker
    on a local network could potentially send a sequence of specially crafted
    packets that would initiate the loading of a large number of extensions,
    causing the targeted system in that network to crash. (CVE-2014-9715,
    Moderate)
  • A stack-based buffer overflow flaw was found in the Linux kernel's early
    load microcode functionality. On a system with UEFI Secure Boot enabled, a
    local, privileged user could use this flaw to increase their privileges to
    the kernel (ring0) level, bypassing intended restrictions in place.
    (CVE-2015-2666, Moderate)
  • It was found that the Linux kernel's ping socket implementation did not
    properly handle socket unhashing during spurious disconnects, which could
    lead to a use-after-free flaw. On x86-64 architecture systems, a local user
    able to create ping sockets could use this flaw to crash the system.
    On non-x86-64 architecture systems, a local user able to create ping
    sockets could use this flaw to escalate their privileges on the system.
    (CVE-2015-3636, Moderate)
  • It was found that the Linux kernel's TCP/IP protocol suite implementation
    for IPv6 allowed the Hop Limit value to be set to a smaller value than the
    default one. An attacker on a local network could use this flaw to prevent
    systems on that network from sending or receiving network packets.
    (CVE-2015-2922, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1204722 - CVE-2015-2666 kernel: execution in the early microcode loader
1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation



 Comments   
Comment by Gerrit Updater [ 06/Aug/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/15873
Subject: LU-6964 kernel: kernel update RHEL 7.1 [3.10.0-229.11.1.el7]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 37abad0c177bafb45a7e8c662cff2373858a5b9e

Generated at Sat Feb 10 02:04:49 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.