Red Hat Bugzilla – Bug 248325
CVE-2007-3105 Bound check ordering issue in random driver
Last modified: 2007-11-01 09:33:30 EDT
Bug reported by the PaX Team <pageexec@freemail.hu> If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation.