Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.
Exploitability
AV:LAC:LAu:NImpact
C:NI:NA:C4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C