The kernel is vulnerable to an authorization bypass. A flaw was found in the Linux kernel’s XFS file system implementation: the file handle lookup could return an invalid inode as valid. If an XFS file system was mounted via NFS (Network File System), a local attacker could access stale data or overwrite existing data that reused the inodes.
article.gmane.org/gmane.comp.file-systems.xfs.general/33767
article.gmane.org/gmane.comp.file-systems.xfs.general/33768
article.gmane.org/gmane.comp.file-systems.xfs.general/33769
article.gmane.org/gmane.comp.file-systems.xfs.general/33771
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#id3512212
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa
oss.sgi.com/archives/xfs/2010-06/msg00191.html
oss.sgi.com/archives/xfs/2010-06/msg00198.html
secunia.com/advisories/42758
secunia.com/advisories/43161
secunia.com/advisories/46397
support.avaya.com/css/P8/documents/100113326
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
www.openwall.com/lists/oss-security/2010/08/18/2
www.openwall.com/lists/oss-security/2010/08/19/5
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0723.html
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/42527
www.ubuntu.com/usn/USN-1041-1
www.ubuntu.com/usn/USN-1057-1
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0070
www.vupen.com/english/advisories/2011/0280
access.redhat.com/errata/RHSA-2010:0723
bugzilla.redhat.com/show_bug.cgi?id=624923