CVE-2010-2798

Priority
Medium
Description
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel
before 2.6.35 uses an incorrect size value in calculations associated with
sentinel directory entries, which allows local users to cause a denial of
service (NULL pointer dereference and panic) and possibly have unspecified
other impact by renaming a file in a GFS2 filesystem, related to the
gfs2_rename function in fs/gfs2/ops_inode.c.
Ubuntu-Description
Bob Peterson discovered that GFS2 rename operations did not correctly
validate certain sizes. A local attacker could exploit this to crash the
system, leading to a denial of service.
References
Assigned-to
bradf
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.35)
Patches:
upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=728a756b8fcd22d80e2dbba8117a8a3aafd3f203
Hardy:http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/hardy/linux/0001-GFS2-rename-causes-kernel-Oops.txt
Jaunty:http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/jaunty/linux/0001-GFS2-rename-causes-kernel-Oops.txt
Karmic:http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2798/patches/karmic/linux/0001-GFS2-rename-causes-kernel-Oops.txt
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:38:47 UTC (commit 9756)