CVE-2010-0727 — Kernel vulnerability

CWE-39911 documents6 sources

Severity

4.9MEDIUMNVD

NVD4.7

EPSS

0.1%

top 76.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedMar 16

Latest updateMay 2

Description

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

▶NVDlinux/linux_kernel2.6.33.1+1

Also affects: Enterprise Linux 5.0, 6.0, Debian Linux 5.0

Patches

Patch: lkml.org ↗Patch: bugzilla.redhat.com ↗Patch: lkml.org ↗

🔴Vulnerability Details

GHSA

GHSA-xfgm-rcpf-gf3q: The gfs2_lock function in the Linux kernel before 2↗2022-05-02

▶

GHSA

GHSA-f625-g7x4-5whm: The nfs_lock function in fs/nfs/file↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)↗2010-10-05

▶

Exploit-DB

Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)↗2010-04-30

▶

📋Vendor Advisories

Ubuntu

Linux kernel regression↗2010-06-04

▶

Ubuntu

Linux kernel vulnerabilities↗2010-06-03

▶

Red Hat

kernel: bug in GFS/GFS2 locking code leads to dos↗2010-03-11

▶

💬Community

Bugzilla

CVE-2010-0727 kernel: bug in GFS/GFS2 locking code leads to dos↗2010-03-05

▶