Candidate: CVE-2005-0001
References: 
 BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
 FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation
 URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
 MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
 CONECTIVA:CLA-2005:930
 URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
 FEDORA:FLSA:2336
 URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
 MANDRAKE:MDKSA-2005:022
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
 REDHAT:RHSA-2005:043
 URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
 REDHAT:RHSA-2005:092
 URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
 TRUSTIX:2005-0001
 URL:http://www.trustix.org/errata/2005/0001/
 BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
 XF:linux-fault-handler-gain-privileges(18849)
 URL:http://xforce.iss.net/xforce/xfdb/18849
Description: 
 Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to
 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor
 machines, allows local users to execute arbitrary code via concurrent threads
 that share the same virtual memory space and simultaneously request stack
 expansion.
Notes: 
Bugs: 
upstream: 
linux-2.6: 
2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)