CVE-2010-1087

Published Apr 6, 2010

Last updated a year ago

CVSS info 7.8

Overview

Description: The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Vendor comments

Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1087 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit 150030b7 that had introduced the problem. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00A013EC-2A01-4AE5-9575-F79142CCC9CD",
            "versionEndExcluding": "2.6.33",
            "versionStartIncluding": "2.6.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DB53511-E1B0-4F81-BE9E-B52E84E9C30E"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207306A0-19F5-4E49-945C-A5E4DD442459"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DE43C00-5967-44A1-ACEB-B7AF66EEBB53"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B33B5E4B-FCB3-4343-B992-F0ADB853754B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7295BBE-A9E3-44F6-9DD6-0FD6C2591E11"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References