*** This bug has been split off bug 144519 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07
grsecurity announcement to full-disclosure
It would seem that user input controlls the integers being overflowed. It looks
like a malicious user should be able to alter kernel memory.
The fix for this issue is in attachment 109500 [details]
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.