The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
Exploitability
AV:LAC:LAu:NImpact
C:NI:NA:C4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C