Candidate: CVE-2011-1747
Description:
 > Another problem in agp code is not addressed in the patch - kernel
 > memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not
 > checked whether requested pid is a pid of the caller (no check in
 > agpioc_reserve_wrap()).
 > Each allocation is limited to 16KB, though, there is no per-process
 > limit. This might lead to OOM situation, which is not even solved in case of
 > the caller death by OOM killer - the memory is allocated for another
 > (faked) process."
References:
Notes:
 jmm> This can only be triggered by root-equivalent privileges
Bugs:
upstream: needed "no upstream fix as of 2011.08.08"
2.6.32-upstream-stable: needed "no upstream fix as of 2011.06.20"
sid: needed "no upstream fix as of 2011.06.20"
2.6.26-lenny-security: needed "no upstream fix as of 2011.06.20"
2.6.32-squeeze-security: needed "no upstream fix as of 2011.06.20"
3.2-upstream-stable: needed "no upstream fix as of 2011.06.20"