CVE-2010-2798

Impact:
Important
Public Date:
2010-06-08
IAVA:
2011-A-0147
CWE:
CWE-682->CWE-476
Bugzilla:
620300: CVE-2010-2798 kernel: gfs2: rename causes kernel panic

The MITRE CVE dictionary describes this issue as:

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

Find out more about CVE-2010-2798 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for the GFS2 file system.

A future kernel update in Red Hat Enterprise Linux 5 will address this issue.

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) RHSA-2010:0670 2010-09-02
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0660 2010-08-30
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0723 2010-09-29

Acknowledgements

Red Hat would like to thank Grant Diffey of CenITex for reporting this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.