Description of problem: It is possible to modify one of the md/ sysfs files - suspend_lo or suspend_hi when the array is not active. NOTE: this is only a vulnerability when sysfs files are writable by an attacker. It is not writable by default. This was introduced in commit e464eafd (v2.6.17-rc1). Upstream commit: http://git.kernel.org/linus/b8d966efd9a46a9a35beac50cbff6e30565125ef
kernel-2.6.29.6-217.2.16.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.29.6-217.2.16.fc11
kernel-2.6.29.6-217.2.16.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1455 https://rhn.redhat.com/errata/RHSA-2009-1455.html
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html