Candidate: CVE-2004-2607 
References: 
 http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
 http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
Description: 
 A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
 kernel memory via a large len argument, which is received as an int but
 cast to a short, which prevents a read loop from filling a buffer.
Notes: 
 jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
 jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
 jmm> be double-checked against the source though, but my bandwidth is currently
 jmm> too slim to download 2.6.8
 jmm>
 jmm> The fix below is for a completely different issue, I've split it out
 horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
 horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
Bugs: 
upstream: released (2.4.33-pre2), released (2.6.6)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
2.4.19-woody-security: 
2.4.18-woody-security: 
2.4.17-woody-security: 
2.4.16-woody-security: 
2.4.17-woody-security-hppa: 
2.4.17-woody-security-ia64: 
2.4.18-woody-security-hppa: