Candidate: CVE-2009-1046
Description:
 The console selection feature in the Linux kernel 2.6.28 before
 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8
 console is used, allows physically proximate attackers to cause
 a denial of service (memory corruption) by selecting a small
 number of 3-byte UTF-8 characters, which triggers an "an
 off-by-two memory error." NOTE: it is not clear whether this issue
 crosses privilege boundaries. 
References:
 http://lists.openwall.net/linux-kernel/2009/01/30/333
 http://lists.openwall.net/linux-kernel/2009/02/02/364
 http://www.openwall.com/lists/oss-security/2009/02/12/10
 http://www.openwall.com/lists/oss-security/2009/02/12/11
 http://www.openwall.com/lists/oss-security/2009/02/12/9
 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.28.4, 2.5.29-rc4)
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A "Appears to have been introduced by 759448f in 2.6.23-rc1"
2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: