Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4086 Eric Sandeen reported an issue in the journaling layer for EXT4 filesystems . Local users can cause buffers to be accessed after they have been torn down, resulting in a denial of service due to a system crash. CVE-2012-0879 Louis Rilling reported two reference counting issues in the CLONE_IO feature of the kernel. Local users can prevent io context structures from being freed, resulting in a denial of service. CVE-2012-1601 Michael Ellerman reported an issue in the KVM subsystem. Local users could cause a denial of service by creating VCPUs before a call to KVM_CREATE_IRQCHIP. CVE-2012-2123 Steve Grubb reported in an issue in fcaps, a filesystem-based capabilities system. Personality flags set using this mechanism, such as the disabling of address space randomization, may persist across suid calls. CVE-2012-2133 Shachar Raindel discovered a use-after-free bug in the hugepages quota implementation. Local users with permission to use hugepages via the hugetlbfs implementation may be able to cause a denial of service .