Submission Summary: 0 pending, 11 declined, 16 accepted (27 total, 59.26% accepted)
However, like previous null pointer dereference issues in the Linux kernel, the vulnerability can only be exploited if the kernel's mmap_min_addr system variable is set to 0. mmap_min_addr describes the lowest virtual address a process can use for mapping. If it is greater than 0, exploits that involve a null-valued pointer to this address won't work. However, as this will also cause certain open source applications like Wine and DOSEMU to malfunction, distributors such as Red Hat and Debian set the respective value to 0 by default. Red Hat has already released updated packages to close the hole. Debian offers instructions on how to change the variable. In Ubuntu, mmap_min_addr is set to 65535, which renders exploits ineffective.
Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse