DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to an array indexing error within the "gdth_read_event()" function in drivers/scsi/gdth.c, which can be exploited by sending a specially crafted IOCTL to the driver. SOLUTION: Fixed in the GIT repository.
CVE-2009-3080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3080): Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
@Kernel: Please back-port this issue in the next 2.6.31 release.