There is a remotely exploitable bug in all Linux kernel 2.6 series due to using incorrect variable type. Vulnerability is connected to netfilter subsystem and may cause DoS. It’s disclosed only when using iptables with rules matching TCP options (i.e. –tcp-option). There is no difference what action is taking up by matching rule.