Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for a (1) XFSIOCATTRLISTBYHANDLE or (2) XFSIOCATTRLISTBYHANDLE32 ioctl call with a crafted length value, related to the xfsattrlistbyhandle function in fs/xfs/xfsioctl.c and the xfscompatattrlistbyhandle function in fs/xfs/xfsioctl32.c.