Candidate: CVE-2009-3889
Description:
 The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 
 2.6.27 has world-writable permissions, which allows local users to change 
 the (1) behavior and (2) logging level of the driver by modifying this file.
References:
 http://www.openwall.com/lists/oss-security/2009/11/13/1
 https://bugzilla.redhat.com/show_bug.cgi?id=526068
Notes:
 poll_mode_io aspect of this issue got its own id, CVE-2009-3939
Bugs:
upstream: released (2.6.27) [66dca9b8]
linux-2.6: released (2.6.27-1)
2.6.18-etch-security: N/A (Vulnerable code not present)
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]