The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17010
http://www.securityfocus.com/bid/10965