[CVE-2011-1090] nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3)

Andy Whitcroft apw at canonical.com
Fri Jul 8 16:00:11 UTC 2011

	The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the
	Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is
	allocated by kmalloc but not properly freed, which allows local
	users to cause a denial of service (panic) via a crafted attempt
	to set an ACL.

This has already been fixed for all releases after hardy.  Following
this email is a backport of this fix for hardy.  This is a relaivly
simple re-application of the original.

Proposing for hardy.


More information about the kernel-team mailing list