Jani Jaakkola

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.11.8 Description: The issue is related to the key user lookup function in the security/keys/key.c file, which may allow attackers to cause a denial of service (oops) via Symmetric Multiprocessing (SMP). Recommendations: For Linux kernel versions 2.6.10 through 2.6.11.8, consider disabling the key user lookup function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: I2C for Linux versions 2.6.x before 2.6.11.8 I2C for Linux versions 2.6.12 before 2.6.12-rc2 Description: The issue allows local users to cause a denial of service by consuming CPU resources. This is achieved by attempting to write to the sysfs "alarms" file, which has write permissions but lacks an associated store function. Recommendations: For I2C for Linux versions 2.6.x before 2.6.11.8, update to version 2.6.11.8 or later. For I2C for Linux versions 2.6.12 before 2.6.12-rc2, update to version 2.6.12-rc2 or later.