The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
marc.info/?l=linux-kernel&m=120949204519706&w=2
marc.info/?l=linux-kernel&m=120949204619718&w=2
marc.info/?l=linux-kernel&m=120949582428998&w=2
secunia.com/advisories/30017
secunia.com/advisories/30044
secunia.com/advisories/30260
secunia.com/advisories/30515
wiki.rpath.com/Advisories:rPSA-2008-0157
wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
www.mandriva.com/security/advisories?name=MDVSA-2008:109
www.mandriva.com/security/advisories?name=MDVSA-2008:167
www.securityfocus.com/archive/1/491566/100/0/threaded
www.securityfocus.com/archive/1/491732/100/0/threaded
www.securityfocus.com/bid/29014
www.securitytracker.com/id?1019960
www.vupen.com/english/advisories/2008/1406/references
exchange.xforce.ibmcloud.com/vulnerabilities/42132
issues.rpath.com/browse/RPL-2501
usn.ubuntu.com/614-1/
www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html