A flaw was found and fixed in 2.6 (and backported to 2.4 on 20040204). On ia64 platforms, that can allegedly cause a local unprivileged user to oops the kernel; but others have said that it causes a BUG() and leaking vma only.

http://linux.bkbits.net:8080/linux-2.6/cset@3f96a083QbCcQgd-bg2Bt2-LMX-QJg
http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg

Therefore fixed in 2.4.25.
This fix is slated for the RHEL3-U4 respin taking place 11/16/04. Although reported against ia64, the fix is good for all arches.
The fix for this problem has been committed to both the RHEL3 U4 and the RHEL3 E4 patch pools (in kernel versions 2.4.21-25.EL and 2.4.21-20.0.1.EL).
The correct CVE name for this issue is CVE-2004-0138.