Peter Osterlund

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.12-rc4 **Description** The issue is related to the pkt ioctl function in the pktcdvd block device ioctl handler, which calls the wrong function before passing an ioctl to the block device. This crosses security boundaries by making kernel address space accessible from user space, allowing local users to cause a denial of service and possibly execute arbitrary code. **Recommendations** For Linux kernel versions prior to 2.6.12-rc4, consider upgrading to a newer version to resolve the issue. As a temporary workaround, restrict access to the pktcdvd block device ioctl handler to minimize the risk of exploitation.