The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in
the Linux kernel before 22.214.171.124 allows local users to cause a denial of
service (system crash) via a certain sequence of file create, remove, and
overwrite operations, as demonstrated by the insserv program, related to
allocation of "useless pages" and improper maintenance of the i_blocks count.
Fixed in 126.96.36.199 and 188.8.131.52
Beware, the patch introduced an independent bug which was subsequently fixed in 184.108.40.206 and 220.127.116.11 respectively:
"fbdefio: add set_page_dirty handler to deferred IO FB"
Anyhow, hardened-kernel unaffected at present time. Removing alias.
PS: genpatches-2.6.25-10 added 18.104.22.168. genpatches-2.6.25-3 added 22.214.171.124.