MSG_PEEK is pretty common, CVE-2016-10229 is worse than you think

CVE-2016-10229 is a Linux kernel vulnerability enabling arbitrary code execution via UDP when userspace programs use the MSG_PEEK flag in recv calls. Contrary to claims that MSG_PEEK is obscure, a quick search reveals it appears in widely-used software including nginx, haproxy, curl, gnutls, busybox, and major programming language runtimes like Python, Ruby, and Node.js. Any server running a kernel below version 4.5 should be patched immediately. Red Hat, Debian, and Ubuntu ship unaffected kernels by default, but cloud providers that control the kernel may leave users exposed regardless of their Linux distribution — check with `uname -r` and update if necessary.