Paul Starzetz discovered a race condition in the Linux page fault
handler code. This allowed an unprivileged user to gain root
privileges on multiprocessor machines under some circumstances.
This also affects the Hyper-Threading mode on Pentium 4 processors.
Brad Spengler discovered that some device drivers used
copy_from_user() (a function to copy data from userspace tools into
kernel memory) with insufficient input validation. This potentially
allowed users and/or malicious hardware to overwrite kernel memory
which could result in a crash (Denial of Service) or even root
Additionally, this update corrects the SMB file system driver.
USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883, CAN-2004-0949). However, it was found that these new validation checks
were too strict, which cause some valid operations to fail.