The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
{ "binaries": [ { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "libafsauthent1" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "libafsrpc1" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "libkopenafs1" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "libopenafs-dev" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "libpam-openafs-kaserver" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-client" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-dbserver" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-fileserver" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-fuse" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-kpasswd" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-krb5" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-modules-dkms" }, { "binary_version": "1.6.7-1ubuntu1.1", "binary_name": "openafs-modules-source" } ], "availability": "No subscription required" }