Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system"s USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system"s USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4 system call on the alpha architecture permitting local users to gain elevated privileges. CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion . CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process" proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System . A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768