“The hole is reportedly contained in pipe.c and can occur in
certain circumstances when using the pipe_read_open(),
pipe_write_open() or pipe_rdwr_open() functions while releasing a
mutex (mutual exclusion) too early – which constitutes a
classic race condition. So far, the flaw has only been fixed in
release candidate 6 of the forthcoming version 2.6.32.“However, like previous null pointer dereference issues in the
Linux kernel, the vulnerability can only be exploited if the
kernel’s mmap_min_addr system variable is set to 0.”