CVE-2011-0714

Published: 4 May 2011

Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function.

Notes

probably RH specific. Needs to be checked.

confirmed this bug only exists in a specific backport of b48fa6b9
which we have not so done on any Ubuntu kernel.

Status

References

• http://openwall.com/lists/oss-security/2011/03/08/17
• https://www.cve.org/CVERecord?id=CVE-2011-0714
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=678144