CVE-2010-2798

CWE-476 — NULL Pointer Dereference CWE-6829 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

15

Linux Linux Kernel Avaya Aura Communication Manager Avaya Aura Presence Services +12 more

Timeline

PublishedSep 8

Latest updateMay 13

Description

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

▶NVDlinux/linux_kernel< 2.6.35

▶NVDavaya/aura_presence_services6.0, 6.1, 6.1.1+2

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_high_availability_extension11

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-vhhv-wfqv-m6p9: The gfs2_dirent_find_space function in fs/gfs2/dir↗2022-05-13

▶

CVEList

CVE-2010-2798: The gfs2_dirent_find_space function in fs/gfs2/dir↗2010-09-08

▶

📋Vendor Advisories

5

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-10-19

▶

Red Hat

kernel: gfs2: rename causes kernel panic↗2010-06-08

▶

💬Community

1

Bugzilla

CVE-2010-2798 kernel: gfs2: rename causes kernel panic↗2010-08-02

▶

CVE-2010-2798 (HIGH CVSS 7.8) | The gfs2_dirent_find_space function | cvebase.io