Candidate: CVE-2006-5754
References: 
 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220971
Description: 
 The aio_setup_ring function in Linux kernel does not properly initialize a
 variable, which allows local users to cause a denial of service (crash) via
 an unspecified error path that causes an incorrect free operation.
Ubuntu-Description: 
Notes: 
 jmm> 3e45a10919b3bc290147d81a4eb0117f019ba16a
 dannf> From the description, I'm assuming this is the fix:
   http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=418e67e3jfC3msWLXzcdTkI10dwtEg
   'aio: remove incorrect initialization of "nr_pages"'
Bugs: 
upstream: released (2.6.10-rc2)
linux-2.6: released (2.6.10-1)
2.6.18-etch-security: N/A
2.6.8-sarge-security: released (2.6.8-16sarge7) [aio-fix-nr_pages-init.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A