Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions. The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.
They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information, or gain "root" privileges, according to security experts. The bug affects all versions of the Linux kernel up to version 220.127.116.11, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected. The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia.