CVE-2011-1090

Priority
Description
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel
before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc
but not properly freed, which allows local users to cause a denial of
service (panic) via a crafted attempt to set an ACL.
Ubuntu-Description
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
Notes
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
More Information

Updated: 2019-12-05 20:56:44 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)