CVE-2010-2798

Published: 08 September 2010

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

From the Ubuntu security team

Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.35)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=728a756b8fcd22d80e2dbba8117a8a3aafd3f203
Hardy: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/hardy/linux/0001-GFS2-rename-causes-kernel-Oops.txt
Jaunty: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/jaunty/linux/0001-GFS2-rename-causes-kernel-Oops.txt
Karmic: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/karmic/linux/0001-GFS2-rename-causes-kernel-Oops.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream Needs triage

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading