BUGTRAQ has recently carried a report of a security exploit against all current versions of LSOF up to and including 4.40. Vic Abell, the author of LSOF, has released a patch for it, in (email) message-id <001001be5b37$b7e6aeb0$aa87d280.purdue.edu> on BUGTRAQ (with the subject 'Re: [HERT] Advisory #002 Buffer overflow in lsof'); the patch itself is at ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/patches/4.40/arg.c.patch (for lsof 4.40, clearly). The original report of the problem was message-id <19990218013035.B4950.int> on BUGTRAQ and is available at http://www.hert.org/advisories/HERT-02.asc although it doesn't give any details. (hopefully Bugzilla will preserve the angle brackets in those message-ids)
/dev/kmem under Linux is read-only, so it is not vulnerable to a root compromise.
It's not clear to me if read access to kmem (apparently obtainable through the lsof exploit on RedHat 5.2, since lsof is setgid kmem and /dev/kmem is group-readable for kmem) can be used to do evil things. RedHat might want to look into the situation and make a statement one way or another. (Or it might be simpler and less time consuming to just release new lsof RPMs built from 4.40 + Vic's patch.)
The immediate fix is:

    chmod g-s /usr/sbin/lsof

An updated errata of lsof-4.40 with Vic Abell's patch will be issued shortly.
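An added audit helper, not from the bug report or from lsof itself, that encodes the exposure the thread describes (lsof setgid to a group that can also read /dev/kmem) and reports whether the chmod g-s mitigation is still needed. It assumes GNU stat for the live check; the pure functions take octal modes and group names as constructed inputs.

```shell
#!/bin/sh
# Audit helper for the lsof-4.40 setgid-kmem exposure (added example, not
# part of the bug report). Modes are octal strings as printed by `stat -c %a`.

pad_mode() {
    # Normalise "755" to "0755" so the special-bit digit is always present.
    if [ ${#1} -lt 4 ]; then printf '0%s' "$1"; else printf '%s' "$1"; fi
}

# is_setgid MODE -> 0 if the setgid bit (02000) is set
is_setgid() {
    special=$(pad_mode "$1" | cut -c1)
    case $special in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# group_readable MODE -> 0 if the group read bit (040) is set
group_readable() {
    grp=$(pad_mode "$1" | cut -c3)
    case $grp in 4|5|6|7) return 0 ;; *) return 1 ;; esac
}

# lsof_exposure LSOF_MODE LSOF_GROUP KMEM_MODE KMEM_GROUP
#   -> 0 when lsof is setgid to the group that owns /dev/kmem and that group
#      can read it (the RedHat 5.2 layout in the report), 1 otherwise.
lsof_exposure() {
    is_setgid "$1" || return 1
    [ "$2" = "$4" ] || return 1
    group_readable "$3"
}

# audit_lsof [PATH] -> prints a verdict for the live system (assumes GNU stat).
audit_lsof() {
    bin=${1:-/usr/sbin/lsof}
    if [ ! -e "$bin" ] || [ ! -e /dev/kmem ]; then
        echo "skip: $bin or /dev/kmem not present"; return 2
    fi
    set -- $(stat -c '%a %G' "$bin") $(stat -c '%a %G' /dev/kmem)
    if lsof_exposure "$1" "$2" "$3" "$4"; then
        echo "EXPOSED: $bin is setgid $2 and /dev/kmem is group-readable; fix: chmod g-s $bin"
        return 0
    fi
    echo "ok: $bin is not setgid to a group that can read /dev/kmem"
    return 1
}

# Run the live check only when invoked as: sh audit.sh --audit [/path/to/lsof]
if [ "${1:-}" = "--audit" ]; then audit_lsof "${2:-}"; fi
```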