PaX has a flaw that allows unprivileged users to execute arbitrary code with the privileges of a setuid or setgid binary.
7e39dbcce3e6135a21aa20176ace9d0c41dc2f78632fcaf5c8e3f1d7ea79cf4e
PaX is an implementation of non-executable pages for IA-32 processors (i.e. pages which user-mode code can read or write, but cannot execute code in). Since the processor's native page table/directory entry format has no provision for such a feature, implementing it is a non-trivial task. The project was designed to provide Linux with protection from buffer overflows. The protection comes from making parts of memory readable and writable, but not executable.
faea474553fd29e84faa95776278103cf2b75309de15c8d6b107fc9b912fa570