Candidate: CVE-2009-0835
Description:
 The __secure_computing function in kernel/seccomp.c in the seccomp subsystem
 in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when
 CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process
 making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall,
 which allows local users to bypass intended access restrictions via crafted
 syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to
 CVE-2009-0342 and CVE-2009-0343.
References:
 http://marc.info/?l=linux-kernel&m=123579056530191&w=2
 http://marc.info/?l=linux-kernel&m=123579069630311&w=2
 http://marc.info/?l=oss-security&m=123597627132485&w=2
 http://lkml.org/lkml/2009/2/28/23
 http://scary.beasts.org/security/CESA-2009-001.html
 http://scary.beasts.org/security/CESA-2009-004.html
 http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
 https://bugzilla.redhat.com/show_bug.cgi?id=487255
Ubuntu-Description:
Notes:
 jmm> CONFIG_SECCOMP has only been enabled in 2.6.26. Since it's ultra-obscure
 jmm> and mostly unused anyway, we can likely mark it N/A for 2.6.18 and 2.6.24
 jmm> Dann, what do you think?
 dannf> agreed
Bugs:
upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: N/A
2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: