Candidate: CVE-2004-2660 References: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10 Description: Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests. Notes: jmm> This was only covered by MITRE in May 2006 jmm> Vulnerable code not present in 2.4 Bugs: upstream: released (2.6.10) linux-2.6: N/A 2.6.8-sarge-security: released (2.6.8-16sarge5) [direct-io-write-mem-leak.dpatch] 2.4.27-sarge-security: N/A