Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. Solution: apply patch: http://groups.google.com/group/linux.kernel/browse_thread/thread/13bde11d06876040 Reproducible: Always
[linux < 2.6.23.15] a0209f336a1dff0363b558a972eb71eef74e0084 also in 2.6.24 as ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5 and 5a211a5deabcafdc764817d5b4510c767d317ddc ? [gp < 2.6.23-8]