OVAL

MDVSA-2008:044 -- Mandriva kernel

ID: oval:org.secpod.oval:def:301433
Date: (C)2012-01-07   (M)2023-11-09
Class: PATCH
Family: unix




The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service via unspecified vectors. NOTE: some of these details are obtained from third party information.

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allowed remote attackers to cause a denial of service via crafted ACK responses that trigger a NULL pointer dereference.

The do_coredump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information.

VFS in the Linux kernel before 2.6.22.16 performed tests of access mode by using the flag variable instead of the acc_mode variable, which could possibly allow local users to bypass intended permissions and remove directories.

The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset.

A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges.

Mandriva urges all users to upgrade to these new kernels immediately as the CVE-2008-0600 flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 is affected.

Platform:
Mandriva Linux 2008.0
Product:
kernel
Reference:
MDVSA-2008:044
CVE-2007-5500
CVE-2007-5501
CVE-2007-6206
CVE-2008-0001
CVE-2008-0007
CVE-2008-0600
CPE    1
cpe:/o:mandriva:linux:2008.0

© SecPod Technologies