Candidate: CVE-2009-4895
Description:
 tty null ptr dereference
References:
 http://bugzilla.kernel.org/show_bug.cgi?id=14605
 http://xorl.wordpress.com/2009/11/30/linux-kernel-tty-null-pointer-dereference-race-condition/
Notes:
 supposedly fixed in redhat kernels (see bug report above)
Bugs:
upstream: released (2.6.33) [80e1e823989ec44d8e35bdfddadbddcffec90424] 
2.6.32-upstream-stable: released (2.6.32.9)
linux-2.6: released (2.6.32-9) [bugfix/all/stable/2.6.32.9.patch]
2.6.26-lenny-security: released (2.6.26-24lenny1) [bugfix/all/fix-race-in-tty_fasync-properly.patch]
2.6.32-squeeze-security: released (2.6.32-9) [bugfix/all/stable/2.6.32.9.patch]