Problem Description:
System calls operating on file descriptors obtain a
reference to relevant struct file which due to a programming
error was not always put back, which in turn could be used
to overflow the counter of affected struct file.
Impact:
A local user can use this flaw to obtain access to files,
directories, sockets, etc., opened by processes owned by
other users. If obtained struct file represents a directory
from outside of user's jail, it can be used to access files
outside of the jail. If the user in question is a jailed
root they can obtain root privileges on the host system.