CVE-2013-2596 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2596): Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. Does this affect any LTS kernels?
(In reply to GLSAMaker/CVETool Bot from comment #0) > Does this affect any LTS kernels? Yes, this is fixed in: 3.0.75 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.75 3.4.42 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.42 3.2.45 - https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.45
Yep, fix in 3.9 onwards.