Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.
http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://marc.info/?l=bugtraq&m=110306397320336&w=2
http://linux.bkbits.net:8080/linux-2.6/gnupatch%4041ae6af1cR3mJYlW6D8EHxCKSxuJiQ