CVE-2009-1243 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1243): net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
The code in kernel versions earlier than 2.6.29 is quite different and, as such, I am not at all convinced that they are affected (despite the lengthy list presented by NIST). Note also that Red Hat officially issued this statement: "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG." https://www.redhat.com/security/data/cve/CVE-2009-1243.html Well, RHEL4 was based on 2.6.9 and RHEL5 was based on 2.6.18. Surely, they haven't been hiding the fix from us all that time!
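The defect class behind this advisory (a stop step that releases a lock the matching start step never took, triggered by a zero-length read) can be illustrated without kernel code. The user-space C model below is an added example, not the post's or the kernel's code; it assumes, as an illustration of the advisory's wording rather than a claim about the actual patch, that the iterator records which bucket it holds and that stop() decides whether to unlock from that index. `NBUCKETS`, `bucket_len`, `simulate_read` and the `fixed` flag are all constructed for the model. A zero-byte read reaches start() and then stop() with no entry visited; the "buggy" variant initialises the bucket index to 0 and so unlocks a lock it never acquired, while the "fixed" variant starts from an out-of-range index so stop() has nothing to release.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NBUCKETS 4                                   /* constructed table size */
static const int bucket_len[NBUCKETS] = {0, 2, 0, 1}; /* constructed: entries per bucket */

/* Per-reader iteration state (assumption: a bucket index plus a lock model,
 * standing in for a seq_file private area and per-bucket spinlocks). */
struct iter {
    int bucket;                 /* bucket whose lock we hold, or NBUCKETS when none */
    bool lock_held[NBUCKETS];   /* which bucket locks this reader currently holds */
    int imbalance;              /* unlock-without-lock events; a real spinlock would panic */
};

static void lock_bucket(struct iter *it, int b)
{
    it->lock_held[b] = true;
    it->bucket = b;
}

/* The check a lock-debugging build performs: releasing a lock that is not
 * held is a fault, counted here instead of panicking. */
static void unlock_bucket(struct iter *it, int b)
{
    if (!it->lock_held[b])
        it->imbalance++;
    it->lock_held[b] = false;
}

/* Walk to the first non-empty bucket at or after `from`, leaving its lock held.
 * Returns NBUCKETS (and holds nothing) when no bucket has entries. */
static int first_entry(struct iter *it, int from)
{
    for (int b = from; b < NBUCKETS; b++) {
        lock_bucket(it, b);
        if (bucket_len[b] > 0)
            return b;
        unlock_bucket(it, b);
    }
    it->bucket = NBUCKETS;
    return NBUCKETS;
}

/* start(): position 0 yields a header token and touches no bucket.
 * `fixed` selects the initial bucket index: 0 (buggy) or NBUCKETS (fixed). */
static int seq_start(struct iter *it, long pos, bool fixed)
{
    it->bucket = fixed ? NBUCKETS : 0;
    if (pos == 0)
        return -1;              /* header token; no lock taken */
    return first_entry(it, 0);
}

/* stop(): release the bucket lock only if the index says one is held. */
static void seq_stop(struct iter *it)
{
    if (it->bucket < NBUCKETS)
        unlock_bucket(it, it->bucket);
}

/* Simulate one read() of `nbytes` from the file. With a zero-length buffer the
 * reader calls start() and then stop() immediately, never advancing to an entry.
 * Returns the number of lock-imbalance faults observed. */
static int simulate_read(size_t nbytes, bool fixed)
{
    struct iter it = { .bucket = NBUCKETS };
    int r = seq_start(&it, 0, fixed);
    if (nbytes > 0 && r == -1)
        first_entry(&it, 0);    /* the next() step after the header token */
    seq_stop(&it);
    return it.imbalance;
}

int main(void)
{
    printf("zero-byte read, buggy stop: %d fault(s)\n", simulate_read(0, false));
    printf("zero-byte read, fixed stop: %d fault(s)\n", simulate_read(0, true));
    printf("normal read,    buggy stop: %d fault(s)\n", simulate_read(4096, false));
    return 0;
}
```

The model shows why the bug is invisible to an ordinary `cat /proc/net/udp` (the walk always reaches an entry before stop() runs) and only a zero-length read exposes it, which is also why a lock-debugging kernel (CONFIG_DEBUG_SPINLOCK) is the practical way to catch this class of imbalance in testing.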