The key_replace_session_keyring function in security/keys/process_keys.c in
the Linux kernel before 126.96.36.199 does not initialize a certain structure
member, which allows local users to cause a denial of service (NULL pointer
dereference and OOPS) or possibly have unspecified other impact via a
KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different
vulnerability than CVE-2010-2960.
No longer in Portage.