The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. Appears the fix was simple: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 Reproducible: Always
At least fixed for latest 2.6.26/27 * 2.6.26.8 --> gentoo-sources-2.6.26-r4 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commitdiff;h=7afc74502277568d6f9c5a4542fb63e26e272638 * 2.6.27.9 --> gentoo-sources-2.6.27-r6 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commitdiff;h=cd9f58efb861a86283931f3db17aa2a4fe4da642 So, what prevents us from closing this bug? :-)
Added genpatches annotations to Status Whiteboard. Re Comment 1 - the answer is that gentoo-sources is not the only ebuild in the sys-kernel/ namespace and that, for as long as there are affected ebuilds in the tree, the bug remains outstanding, irrespective of whether the more popular ebuilds are unaffected. Removing hardened-kernel as its 2.6.25 incarnation contains 2.6.25.20.
