CVE-2008-3534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534): The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
Fixed in 2.6.25.14 and 2.6.26.1
Beware, the patch introduced an independent bug which was subsequently fixed in 2.6.25.17 and 2.6.26.4 respectively: "fbdefio: add set_page_dirty handler to deferred IO FB" http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d847471d063663b9f36927d265c66a270c0cfaab Anyhow, hardened-kernel unaffected at present time. Removing alias. PS: genpatches-2.6.25-10 added 2.6.25.14. genpatches-2.6.25-3 added 2.6.26.1.