Candidate: CVE-2005-1264
References: 
 MLIST:[linux-kernel] 20050517 [PATCH] Fix root hole in raw device
 URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=111630512512222
 VULNWATCH:20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
 URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
 VULNWATCH:20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
 URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
 CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
 FRSIRT:ADV-2005-0557
 URL:http://www.frsirt.com/english/advisories/2005/0557
Description: 
 Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong
 function before passing an ioctl to the block device, which crosses security
 boundaries by making kernel address space accessible from user space, a
 similar vulnerability to CVE-2005-1589.
Notes: 
Bugs: 
upstream: released (2.6.11.10)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
2.4.27-sarge-security: N/A "raw.c doesn't call ioctl_by_bdev() in 2.4"
2.6.18-etch-security: N/A