(FC3 and FC2)

+++ This bug was initially created as a clone of Bug #151249 +++

Reported to vendor-sec from the kernel security list, originally from Georgi Guninski.

"It is possible to partially overwrite low kernel memory due to integer overflow in sys_epoll_wait and misuse of __put_user in ep_send_events"

Note that this area usually doesn't actually contain anything (the first 4kB are left alone for dosemu etc. to read the original 16-bit interrupt descriptors, and the rest is just about the last thing we ever allocate, so it's usually unused).

Fixed upstream, see http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew
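
The bug class named in the report, as an added user-space example that is not the kernel's code and not part of the original report: a byte length computed as count times element size wraps in 32 bits, so a range check made on that length covers far less memory than a loop writing the full count would touch. The 12-byte `model_event` layout, the function names and the sample count are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 12-byte event record (assumption: layout chosen for illustration). */
struct model_event {
    uint32_t events;
    uint64_t data;
} __attribute__((packed));

/* Largest count whose byte length still fits in a signed int. */
#define MODEL_MAX_EVENTS (INT_MAX / (int)sizeof(struct model_event))

/* Flawed pattern: the byte length is computed in 32 bits, so it can wrap. */
uint32_t range_len_unchecked(int maxevents)
{
    return (uint32_t)maxevents * (uint32_t)sizeof(struct model_event);
}

/* Hardened pattern: reject counts whose byte length would overflow.
 * Returns 0 and stores the length on success, -1 on rejection. */
int range_len_checked(int maxevents, size_t *len)
{
    if (maxevents <= 0 || maxevents > MODEL_MAX_EVENTS)
        return -1;
    *len = (size_t)maxevents * sizeof(struct model_event);
    return 0;
}

int main(void)
{
    int count = 357913942;   /* constructed: count * 12 == 2^32 + 8 */
    size_t len = 0;

    /* The wrapped length is smaller than a single event record. */
    printf("unchecked length: %u bytes for %d events\n",
           range_len_unchecked(count), count);
    printf("checked: %s\n",
           range_len_checked(count, &len) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Any write path that skips per-access checks depends entirely on the earlier range validation, which is why the count has to be bounded before the length is computed.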