Candidate: CVE-2007-0006 References: http://bugzilla.kernel.org/show_bug.cgi?id=7727 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ad0830f307bcd8dc285cfae58998d43b21727f4 Description: The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." Ubuntu-Description: Notes: Bugs: 398470 upstream: released (2.6.21, 2.6.20.2) linux-2.6: released (2.6.20-1) 2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/keys-serial-num-collision.patch] 2.6.8-sarge-security: N/A 2.4.27-sarge-security: N/A 2.6.15-dapper-security: released (2.6.15-28.53) 2.6.17-edgy-security: released (2.6.17.1-11.37)