The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.
http://www.securityfocus.com/bid/55785
http://www.openwall.com/lists/oss-security/2012/10/04/2