Candidate: CVE-2007-5087
References: 
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git;a=commitdiff;h=b7ae15e7707050baafe5a35e3d4f2d175197d222
Description: 
 The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is
 enabled, allows local users to cause a denial of service (kernel panic) by
 reading /proc/net/atm/arp before the CLIP module has been loaded.
Ubuntu-Description: 
Notes: 
Bugs: 
 dannf> Vulnerable code was added to 2.4 in:
   http://linux.bkbits.net:8080/linux-2.4/?PAGE=gnupatch&REV=1.1448.44.17
  which was after 2.4.27
 dannf> The commit notes that 2.6 isn't vulnerable because the arp entry is
  handled in clip.c. I've verified this is true for both 2.6.8 and 2.6.18.
upstream: released (2.4.36-pre2)
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A