CVE-2010-1436

Impact:
Important
Public Date:
2010-01-15
IAVA:
2011-A-0066
CWE:
CWE-119
Bugzilla:
586006: CVE-2010-1436 kernel: gfs2 buffer overflow

The MITRE CVE dictionary describes this issue as:

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system.

Find out more about CVE-2010-1436 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system.

A future kernel update in Red Hat Enterprise Linux 5 will address this issue.

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0504 2010-07-01

Acknowledgements

Red Hat would like to thank Mario Mikocevic for responsibly reporting this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.