Klondike

**Name of the Vulnerable Software and Affected Versions** pax-linux versions 2.6.32.33-test79.patch, 2.6.37.4-test14.patch, 2.6.38-test3.patch **Description** A locally exploitable DOS issue was found in pax-linux. It is caused by a bad bounds check in `arch get unmapped area topdown` triggered by programs doing an `mmap` after a `MAP GROWSDOWN` `mmap`, creating an infinite loop condition without releasing the VM semaphore, eventually leading to a system crash. **Recommendations** For version 2.6.32.33-test79.patch, consider disabling the `arch get unmapped area topdown` function to prevent the infinite loop condition. For version 2.6.37.4-test14.patch, restrict the use of `mmap` with `MAP GROWSDOWN` to minimize the risk of exploitation. For version 2.6.38-test3.patch, avoid using `mmap` after `MAP GROWSDOWN` `mmap` until the issue is resolved.