CVE-2010-1436

Severity

49%

Complexity

39%

Confidentiality

115%

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system.

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 14 years ago

2010-05-21 17:30:00

Last updated 6 years ago

2018-10-10 19:57:00

Affected Software

Linux Kernel 2.6.18

2.6.18

References

43315

[oss-security] 20100427 CVE request - gfs2 kernel issue

[oss-security] 20100427 Re: CVE request - gfs2 kernel issue

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

https://bugzilla.redhat.com/show_bug.cgi?id=586006

Exploit

kernel-gfs2quota-dos(58839)

oval:org.mitre.oval:def:10652

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.