Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322
https://exchange.xforce.ibmcloud.com/vulnerabilities/18849
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.trustix.org/errata/2005/0001/
http://www.securityfocus.com/bid/12244
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.debian.org/security/2006/dsa-1082
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1067
http://securitytracker.com/id?1012862
http://secunia.com/advisories/20338
http://secunia.com/advisories/20202
http://secunia.com/advisories/20163
http://secunia.com/advisories/13822
http://marc.info/?l=bugtraq&m=110581146702951&w=2
http://marc.info/?l=bugtraq&m=110554694522719&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930