Memory Leak in nfs4_proc_set_acl Function in Linux Kernel

Memory Leak in nfs4_proc_set_acl Function in Linux Kernel

CVE-2011-1090 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.