Candidate: CVE-2005-2800 References: URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800 Description: Memory leak in the seq_file implemenetation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. Notes: dannf> seq_file is a 2.6ism, so marking 2.4 as N/A dannf> There's a trivial test case - can it be reproduce this on 2.4? Bugs: upstream: released (2.6.12.6) linux-2.6: released (2.6.12-6) 2.6.8-sarge-security: released (2.6.8-16sarge2) 2.4.27-sarge-security: N/A 2.4.19-woody-security: N/A 2.4.18-woody-security: N/A 2.4.17-woody-security: N/A 2.4.16-woody-security: N/A 2.4.17-woody-security-hppa: N/A 2.4.17-woody-security-ia64: N/A 2.4.18-woody-security-hppa: N/A