vulnerability CVE-2010-1436

Linux kernel: memory corruption via GFS2

Synthesis of the vulnerability

A local attacker can manipulate files on a GFS2 filesystem, in order to create a denial of service and possibly to execute code.

Severity: 2/4. Creation date: 27/04/2010.

Description of the vulnerability

The Linux kernel supports GFS (Global File System). When quotas are enabled, the kernel uses the gfs2_quota structure to store information on files. This structure can be distributed on two memory pages. However, data are not correctly located on the second page, which corrupts the memory. A local attacker can therefore manipulate files on a GFS2 filesystem, in order to create a denial of service and possibly to execute code.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Linux kernel: memory corruption via GFS2. Keywords: File GFS GFS2 Global Linux System corruption gfs2_quota kernel memory. Identifiers: 586006, BID-39715, CVE-2010-1436, RHSA-2010:0504-01, VIGILANCE-VUL-9615.

Information sources

Publications and announces Source example: Bug 586006 - kernel: gfs2 buffer overflow

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability bulletins