From Eugene Teo:

The new credentials code broke load_flat_shared_library() as it now uses an uninitialised cred pointer, leading to a NULL pointer dereference. This can be triggered by running a shared flat binary. kernel/cred.c was introduced in v2.6.29-rc1 IIRC.

References:
http://lkml.org/lkml/2009/6/22/91
http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905

CVE-2009-2768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2768): The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary.