PT-2010-3124 · Linux+1 · Linux Kernel+1

Published: 2010-05-21 · Updated: 2024-06-15 · CVE-2010-1436

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version 2.6.18

Description

The issue allows local users to cause a denial of service, resulting in a kernel panic, by exploiting improper handling of the gfs2 quota struct when it occupies two separate pages. This can be achieved through certain manipulations that cause an out-of-bounds write, such as writing from an ext3 file system to a gfs2 file system.

Recommendations

For Linux kernel version 2.6.18, consider applying a patch or configuration change to properly handle the gfs2 quota struct to prevent out-of-bounds writes. As a temporary workaround, restrict access to the gfs2 file system to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2010-1436
OPENSUSE-SU-2024:10128-1
RHSA-2010:0504
RHSA-2010_0504

Affected Products

Linux Kernel
Red Hat