|Bugzilla:||570863: CVE-2010-0727 kernel: bug in GFS/GFS2 locking code leads to dos|
The MITRE CVE dictionary describes this issue as:
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Red Hat is aware of this issue and is tracking it via the following bug:
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG, as it did not include support for the GFS and GFS2 file systems.
For the GFS issue, it was addressed in Red Hat Enterprise Linux 3 in the gfs package, 4 in the GFS-kernel package, and 5 in the gfs-kmod package, via https://rhn.redhat.com/errata/RHSA-2010-9493.html, https://rhn.redhat.com/errata/RHSA-2010-9494.html, https://rhn.redhat.com/errata/RHSA-2010-0291.html respectively.
For the GFS2 issue, it was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|RHEL Cluster-Storage (v. 5.4.Z server) (gfs-kmod)||RHSA-2010:0521||July 08, 2010|
|RHEL Cluster-Storage version 5 (gfs-kmod)||RHSA-2010:0291||March 29, 2010|
|Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel)||RHSA-2010:0380||April 27, 2010|
|Red Hat Enterprise Linux version 5 (kernel)||RHSA-2010:0178||March 29, 2010|
|Red Hat Global File System 3AS (GFS)||RHSA-2010:0330||March 30, 2010|
|Red Hat Global File System 4AS (GFS-kernel)||RHSA-2010:0331||March 30, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.