kernel: do_io_submit() infoleak
Integer overflow in the doiosubmit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the iosubmit system call...