Originally, the CVE-2010-4250 identifier has been assigned to the following vulnerability: Memory leak in the inotify_init() system call could, in some cases, leak a group, allowing a local, unprivileged user to eventually cause a denial of service. References: [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4250 Later, it was found that relevant upstream commit: a2ae4cc9a16e211c8a128ba10d22a85431f093ab, v2.6.37-rc5 did not properly address the issue / introduced a regression (slab corruption by double free of user_struct in inotify_init1), which could allow a local, unprivileged user to cause a denial of service (kernel crash).
Upstream commit: http://git.kernel.org/linus/d0de4dc584ec6aa3b26fffea320a8457827768fc
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
The fix will also be in 2.6.38.3 .
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2011:1253 https://rhn.redhat.com/errata/RHSA-2011-1253.html