The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
Fixed in upstream kernels 22.214.171.124 and 126.96.36.199
kernel-188.8.131.52-170.2.117.fc10 has been submitted as an update for Fedora 10.
kernel-184.108.40.206-170.2.117.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2010:0076 https://rhn.redhat.com/errata/RHSA-2010-0076.html