FreeBSD Security Advisory - The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. An attacker on a trusted client could cause the NFS server become deadlocked, resulting in a denial of service.
06a17d6d6d665cb7448fdfe9475b3cd86f41e2dbd4f78d7d2cd978834c281738
FreeBSD Security Advisory - The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.
d672bbe3c1c06396c194b1f5062f4d67d79b24f02a60b7a89344ec0f57fe8219