CVE-2011-1090

Priority
Description
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel
before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc
but not properly freed, which allows local users to cause a denial of
service (panic) via a crafted attempt to set an ACL.
Ubuntu-Description
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
Notes
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
Package
Upstream:released (2.6.38~rc8)
More Information

Updated: 2020-03-18 22:05:45 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)