The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
downloads.avaya.com/css/P8/documents/100145416
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
openwall.com/lists/oss-security/2011/03/15/14
openwall.com/lists/oss-security/2011/03/15/9
rhn.redhat.com/errata/RHSA-2011-0833.html
securityreason.com/securityalert/8189
securitytracker.com/id?1025225
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
www.pre-cert.de/advisories/PRE-SA-2011-02.txt
www.securityfocus.com/archive/1/517050
www.securityfocus.com/bid/46878
www.spinics.net/lists/mm-commits/msg82737.html
bugzilla.redhat.com/show_bug.cgi?id=688021