Candidate: CVE-2005-0977
References:
 http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
 http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg
 http://lkml.org/lkml/2005/2/5/111
 http://www.securityfocus.com/bid/12970
Description:
 The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6
 does not properly verify the address argument, which allows local users to
 cause a denial of service (kernel crash) via an invalid address.
Notes:
 dannf> 2.4 does look vulnerable, but the 2.6 fix won't work directly because
 dannf> 2.4 doesn't have i_size_read(). The 2.6 i_size_read() uses seqlocks,
 dannf> which aren't in 2.4, so the port isn't trivial for me.
 dannf> Forwarded to Willy Tarreau on 2008.01.17
Bugs: 303177
upstream: released (2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "need porting help"
2.6.18-etch-security: N/A