a double-free is a well-known bug class, known to be exploitable in several heap
implementations. there're also other well-known heap-related bugs that are exploitable, linux
being no exception to that (check http://www.phrack.com/issues.html?issue=64&id=6). in other
words, in these cases you don't need to trigger the bug in order to tell it poses a security
risk. whether that's some 'harmless oops' or a kernel crash (DoS) or something more serious
can be determined later, but the important point is to *mention* the very fact in the commit
so that more competent people can pick it out and do more analysis if needed. of course these
same competent people have already learned to read between the lines and will pick such
commits out, but the general public and the less security-aware developers/distro
maintainers/etc will be left in the dust - that doesn't help improve linux security.
and you can say a lot of things about Al Viro, but incompetence isn't it, he knows full well
what kind of memory corruption bugs are potential security issues.