The user_update function in security/keys/user_defined.c in the Linux ...

fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."

Security update for Kernel

ELSA-2011-1386: kernel security, bug fix, and enhancement update (IMPORTANT)

ELSA-2012-0107: kernel security and bug fix update (IMPORTANT)

ELSA-2011-1479: kernel security, bug fix, and enhancement update (IMPORTANT)