Candidate: CVE-2009-3043
Description:
 The tty ldisc code was rewritten to use proper reference counts (commits 
 65b770468e98 and cbe9352fa08f) in order to avoid a race with hangup, but 
 it also introduced another bug that can result in various problems such 
 as a NULL pointer dereference in run_timer_softirq() or a BUG() in 
 worker_thread. More info in the patch.
References:
 http://git.kernel.org/linus/5c58ceff103d8a654f24769bb1baaf84a841b0cc
 http://lkml.org/lkml/2009/8/20/27
 http://lkml.org/lkml/2009/8/20/68
 http://lkml.org/lkml/2009/8/20/21
Ubuntu-Description:
Notes:
 Introduced in commits c65c9bc3 and c8d50041.
Bugs:
upstream: released (2.6.31) [5c58ceff103d8a654f24769bb1baaf84a841b0cc]
linux-2.6: released (2.6.31-1)
2.6.18-etch-security: N/A "introduced in 2.6.31-rc1"
2.6.24-etch-security: N/A "introduced in 2.6.31-rc1"
2.6.26-lenny-security: N/A "introduced in 2.6.31-rc1"
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: