The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in
the Linux kernel before 184.108.40.206 allows local users to cause a denial of
service (system crash) via a certain sequence of file create, remove, and
overwrite operations, as demonstrated by the insserv program, related to
allocation of "useless pages" and improper maintenance of the i_blocks count.
Fixed in 220.127.116.11 and 18.104.22.168
Beware, the patch introduced an independent bug which was subsequently fixed in 22.214.171.124 and 126.96.36.199 respectively:
"fbdefio: add set_page_dirty handler to deferred IO FB"
Anyhow, hardened-kernel unaffected at present time. Removing alias.
PS: genpatches-2.6.25-10 added 188.8.131.52. genpatches-2.6.25-3 added 184.108.40.206.