The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
Upstream commit: http://git.kernel.org/linus/286e633ef0ff5bb63c07b4516665da8004966fec
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
Fixed in upstream kernels 2.6.27.40 and 2.6.31.7.
kernel-2.6.27.41-170.2.117.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/kernel-2.6.27.41-170.2.117.fc10
kernel-2.6.27.41-170.2.117.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Via RHSA-2010:0076 https://rhn.redhat.com/errata/RHSA-2010-0076.html