As the RedHat bug report explains, it was introduced in this commit (Linux 2.6.33)
cm_dentry = debugfs_create_file("custom_method", S_IWUGO,
acpi_dir, NULL, &cm_fops);S_IWUGO is a macro that grants world writable permissions
#define S_IWUGO (S_IWUSR|S_IWGRP|S_IWOTH)
The fix changes the permissions to S_IWUSR, that is a macro that grants write access to the owner (root)
An exploit already exists for this vulnerability.