The eisa_eeprom_read function in the parisc isa-eeprom component
(drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6
allows local users to access restricted memory via a negative ppos
argument, which bypasses a check that assumes that ppos is positive
and causes an out-of-bounds read in the readb function.
I believe the bug is fixed in the more recently stable kernels.
vanilla-sources 188.8.131.52 stable from some time already.
Shall I close ?
The work for hppa is done. CC back if security needs something.
No vulnerable sources left in tree.