CVE-2011-0714
Description
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Linux kernel's RPC server sockets on RHEL 6 allows remote denial of service via malformed packet.
Vulnerability
A use-after-free vulnerability exists in the RPC server sockets implementation of the Linux kernel, specifically in the svc_xprt_received function, and is related to the lockd service. The flaw affects kernel version 2.6.32 as shipped with Red Hat Enterprise Linux 6 and stems from an incomplete backport of upstream commit b48fa6b9 [4]. A remote attacker can trigger the use-after-free by sending a malformed data packet to the target system [1][2][3].
Exploitation
An attacker needs network access to the target system; no authentication is required. The attacker sends a specially crafted, corrupted packet to the RPC server. The packet is processed by the lockd service, which calls svc_xprt_received on a socket that has already been freed, leading to a use-after-free condition [1][2][3].
Impact
Successful exploitation results in a denial of service (DoS) by causing a kernel crash. No data compromise or privilege escalation is reported; the impact is limited to system availability [1][2][3].
Mitigation
Red Hat released updated kernel packages as part of RHSA-2011-0329 to fix this issue [1]. Users should apply the update and reboot the system. No workarounds are available. This vulnerability only affects Red Hat Enterprise Linux 6; RHEL 4, 5, and Red Hat Enterprise MRG are not affected [4].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.