Candidate: CVE-2008-5029
Description:
 The __scm_destroy function in net/core/scm.c in the Linux kernel
 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself
 through calls to the fput function, which allows local users to cause
 a denial of service (panic) via vectors related to sending an
 SCM_RIGHTS message through a UNIX domain socket and closing file
 descriptors.
References:
 http://marc.info/?l=linux-netdev&m=122593044330973&w=2
 http://www.openwall.com/lists/oss-security/2008/11/06/1
 https://bugzilla.redhat.com/show_bug.cgi?id=470201
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.26.8)
linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch]
2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
2.6.15-dapper-security: needed
2.6.22-gutsy-security: needed
2.6.24-hardy-security: needed
2.6.27-intrepid-security: needed