CVE-2011-1090 (retired)

Priority
Description
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel
before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc
but not properly freed, which allows local users to cause a denial of
service (panic) via a crafted attempt to set an ACL.
Ubuntu-Description
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
More Information

Updated: 2019-03-26 11:55:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)