sys_get_thread_area does a copy_to_user on a partially unitialized structure, which can leak a few random bits of information to userspace. http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw 2.4 is not affected, however RHEL3 probably is due to linux-2.4.20-o1-nptl.patch
I've confirmed that there is a 3-byte + 1-bit info leak in RHEL3. This is a silly bug, but it is trivial to fix.
It's unfortunate that such leaks in the past have been classed as security issues - it's not like you can particularly influence what you get or even know the context of what you got. I've not applied for a CVE name for this issue and do not intend to do so for such a trivial issue of minor risk.
Patch posted for review on 6-Oct-2005.
A fix for this problem has just been committed to the RHEL3 U7 patch pool this evening (in kernel version 2.4.21-37.5.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0144.html