Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Feb 2014 15:04:11 +0530 (IST)
From: P J P <>
To: oss security list <>
Subject: CVE request: Linux kernel: nfs: information leakage


Linux kernel build with the NFS file system(CONFIG_NFS_FS) along with the 
support for NFSv4 protocol(CONFIG_NFS_V4) is vulnerable to an information 
leakage flaw. It could occur while writing to a file wherein NFS server has 
offered write delegation to the client. Such delegation allows NFS client to 
perform the said operation locally without instant interaction with the 

A user/program could use this flaw to leak kernel memory bytes.

Upstream fix:


Thank you.
Prasad J Pandit / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ