Candidate: CVE-2006-2935
References:
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
Description:
 The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Ubuntu-Description:
 A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or similar automatically mounted removable device, a local user could crash the machine or potentially even execute arbitrary code with full root privileges.
Notes:
 dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y
Bugs:
upstream: released (2.6.17.7)
linux-2.6: released (2.6.17-5)
2.6.8-sarge-security: released (2.6.8-16sarge5) [cdrom-bad-cgc.buflen-assign.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge4) [224_cdrom-bad-cgc.buflen-assign.diff]
2.6.10-hoary-security: released (2.6.10-34.23)
2.6.12-breezy-security: released (2.6.12-10.37)
2.6.15-dapper-security: released (2.6.15-26.46)
2.6.17-edgy: released (2.6.17-10.30)