*** This bug has been split off bug 144519 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07
grsecurity announcement to full-disclosure
It would seem that user input controlls the integers being overflowed. It looks
like a malicious user should be able to alter kernel memory.
The fix for this issue is in attachment 109500 [details]
This issue doesn't affect the 2.4 kernel. I'm closing this.