Candidate: CVE-2009-3939
Description:
 The poll_mode_io file for the megaraid_sas driver in the Linux kernel 
 2.6.31.6 and earlier has world-writable permissions, which allows local 
 users to change the I/O mode of the driver by modifying this file.
References:
 http://www.openwall.com/lists/oss-security/2009/11/13/1
Notes:
 jmm> Introduced in ad84db2e2e1817bb8a29e7c9108eb66bf023d99f
 jmm> Fixed in bb7d3f24c71e528989501617651b669fbed798cb
Bugs: #562975 (patch available)
upstream: released (2.6.32.5, 2.6.33-rc4)
2.6.32-upstream-stable: released (2.6.32.5) [94249e60370f0094831ba673881222252d799257)]
linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
2.6.18-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
2.6.24-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch]
2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]