Published: 28 February 2012
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. "The cifs code will attempt to open files on lookup under certain circumstances. What happens though if we find that the file we opened was actually a FIFO or other special file? Currently, the open filehandle just ends up being leaked leading to a dentry refcount mismatch and oops on umount."
From the Ubuntu security team
A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service.
CVSS 3 base score: 5.5
currently sitting in the master branch of the tree below, waiting on merge with linus: git://git.samba.org/sfrench/cifs-2.6 see: cifs: fix dentry refcount leak when opening a FIFO on lookup now upstream (see below)