Lucene search

[email protected]CVE-2010-2798

HistorySep 08, 2010 - 8:00 p.m.

CVE-2010-2798

2010-09-0820:00:02

CWE-476

[email protected]

web.nvd.nist.gov

cve-2010-2798

gfs2_dirent_find_space

linux kernel

denial of service

null pointer dereference

panic

gfs2 filesystem

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.35

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

Node

debiandebian_linuxMatch5.0

Node

avayaaura_communication_managerMatch5.2

avayaaura_presence_servicesMatch6.0

avayaaura_presence_servicesMatch6.1

avayaaura_presence_servicesMatch6.1.1

avayaaura_session_managerMatch1.1

avayaaura_session_managerMatch5.2

avayaaura_session_managerMatch6.0

avayaaura_system_managerMatch5.2

avayaaura_system_managerMatch6.0

avayaaura_system_managerMatch6.1

avayaaura_system_managerMatch6.1.1

avayaaura_system_platformMatch1.1

avayaaura_system_platformMatch6.0-

avayaaura_system_platformMatch6.0sp1

avayaiqMatch5.0

avayaiqMatch5.1

avayavoice_portalMatch5.0

avayavoice_portalMatch5.1-

avayavoice_portalMatch5.1sp1

Node

opensuseopensuseMatch11.1

suselinux_enterprise_high_availability_extensionMatch11-

suselinux_enterprise_high_availability_extensionMatch11sp1

susesuse_linux_enterprise_desktopMatch11-

susesuse_linux_enterprise_desktopMatch11sp1

susesuse_linux_enterprise_serverMatch11-

susesuse_linux_enterprise_serverMatch11sp1

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.35

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.35

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203

lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

secunia.com/advisories/46397

securitytracker.com/id?1024386

support.avaya.com/css/P8/documents/100113326

www.debian.org/security/2010/dsa-2094

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

www.mandriva.com/security/advisories?name=MDVSA-2010:198

www.openwall.com/lists/oss-security/2010/08/02/1

www.openwall.com/lists/oss-security/2010/08/02/10

www.redhat.com/support/errata/RHSA-2010-0660.html

www.redhat.com/support/errata/RHSA-2010-0670.html

www.redhat.com/support/errata/RHSA-2010-0723.html

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securityfocus.com/bid/42124

www.ubuntu.com/usn/USN-1000-1

www.vmware.com/security/advisories/VMSA-2011-0012.html

bugzilla.redhat.com/show_bug.cgi?id=620300

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for CVE-2010-2798

prion1 ubuntucve1 veracode1 nvd1 cvelist1 nessus23 redhat3 suse5 openvas27 fedora2 centos1 osv1 oraclelinux1 debian1 ubuntu4 vmware2