kernel/signal
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
Exploitability
AV:L
AC:L
Au:N
Impact
C:N
I:P
A:P
3.6/AV:L/AC:L/Au:N/C:N/I:P/A:P