When the Linux kernel receives a malformed IPv6 jumbo packet - it will drop the packet and try to write some statistics. In the affected kernel versions it is not assured that the structure which provides the information is correctly initialized - resulting in a kernel crash.

http://www.securiteam.com/exploits/5QP0F15N5Q.html