CVE-2010-2798
Published: 08 September 2010
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
From the Ubuntu security team
Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. A local attacker could exploit this to crash the system, leading to a denial of service.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.35)
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=728a756b8fcd22d80e2dbba8117a8a3aafd3f203 Hardy: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/hardy/linux/0001-GFS2-rename-causes-kernel-Oops.txt Jaunty: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/jaunty/linux/0001-GFS2-rename-causes-kernel-Oops.txt Karmic: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/karmic/linux/0001-GFS2-rename-causes-kernel-Oops.txt |
||
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|