CWE: 399

CVE-2010-0727

First published: Fri Mar 05 2010

Reported internally.

    static int gfs_lock(struct file *file, int cmd, struct file_lock *fl)
    {
    ..
        if ((ip->i_di.di_mode & (S_ISGID | S_IXGRP)) == S_ISGID)
            return -ENOLCK;
    ..
    }

This is a check for mandatory locking where the GFS locking code will skip the lock in case sgid bits are set for the file.

This is similar to bz 218777 (CVE-2007-6733, Kernel BUG at locks:1799) which affected RHEL 4 NFS shares on the client. The reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=218777#c1 (private) can be used to crash a system mounting a GFS filesystem.

I was able to reproduce this on 2.6.18-164.11.1 with kmod-gfs-0.1.34-2.el5

    ----------- [cut here ] --------- [please bite here ] ---------
    Kernel BUG at fs/locks.c:2080
    invalid opcode: 0000 [1] SMP
    last sysfs file: /kernel/dlm/gfs-sachin/id
    CPU 0
    Modules linked in: gfs(U) lock_dlm gfs2 dlm configfs netloop netbk blktap blkbk ipt_MASQUERADE iptable_nat ip_nat xt_state ip_conntrack nfnetlink ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc iscsi_tcp bnx2i cnic uio cxgb3i cxgb3 8021q libiscsi_tcp ib_iser libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi ib_srp rds ib_sdp ib_ipoib ipoib_helper ipv6 xfrm_nalgo crypto_api rdma_ucm rdma_cm ib_ucm ib_uverbs ib_umad ib_cm iw_cm ib_addr ib_sa ib_mad ib_core loop dm_emc dm_round_robin dm_multipath scsi_dh video hwmon backlight sbs i2c_ec i2c_core button battery asus_acpi ac parport_pc lp parport sr_mod sg joydev pcspkr i5000_edac edac_mc qla2xxx bnx2 ata_piix libata scsi_transport_fc serial_core serio_raw ide_cd cdrom dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod usb_storage shpchp mptsas mptscsih mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hc
    Pid: 12585, comm: crash Tainted: G 2.6.18-164.11.1.HOTFIX.el5xen #1
    RIP: e030:[<ffffffff80227976>] [<ffffffff80227976>] locks_remove_flock+0xe4/0x124
    RSP: e02b:ffff88003ff5de28 EFLAGS: 00010246
    RAX: ffff88005275b3f8 RBX: ffff88003fb405b0 RCX: 7fffffffffffffff
    RDX: 0000000000000000 RSI: 0000000000000007 RDI: ffffffff8052d800
    RBP: ffff8800512d23c0 R08: 0000000000000000 R09: 0000000000000000
    R10: ffff88003ff5de28 R11: 00000000000000b0 R12: ffff88003fb404b0
    R13: ffff88003fb404b0 R14: ffff8800545af0c0 R15: ffff88003fed64b0
    FS: 00002b71ceb65210(0000) GS:ffffffff805ca000(0000) knlGS:0000000000000000
    CS: e033 DS: 0000 ES: 0000
    Process crash (pid: 12585, threadinfo ffff88003ff5c000, task ffff880060288040)
    Stack: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003129 0000000000000000 0000000000000000 0000000000000000
    Call Trace:
     [<ffffffff802132d8>] __fput+0x94/0x198
     [<ffffffff802240af>] filp_close+0x5c/0x64
     [<ffffffff8021e2c7>] sys_close+0x88/0xbd
     [<ffffffff802602f9>] tracesys+0xab/0xb6

Credit: secalert@redhat.com
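
The mode test in the gfs_lock() excerpt above (setgid set, group-execute clear) is what marks a file for mandatory locking. As an added example, not code from the report or from GFS, the following user-space audit lists the regular files on one mounted filesystem that carry that marker, so an administrator can see which files reach this branch; the function names and the default path /mnt/gfs are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Added example. Same test as the gfs_lock() excerpt, limited to regular
 * files: setgid set with group-execute clear marks mandatory locking. */
int is_mandlock_marked(mode_t mode)
{
    return S_ISREG(mode) && (mode & (S_ISGID | S_IXGRP)) == S_ISGID;
}

/* Print and count marked files under dir without leaving device dev. */
static long scan_dir(const char *dir, dev_t dev)
{
    char path[4096];
    struct dirent *de;
    struct stat sb;
    long found = 0;
    DIR *d = opendir(dir);          /* unreadable directories are skipped */
    while (d && (de = readdir(d)) != NULL) {
        int n = snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..") || n < 0 ||
            (size_t)n >= sizeof path || lstat(path, &sb) || sb.st_dev != dev)
            continue;               /* self/parent, overlong, gone, other fs */
        if (S_ISDIR(sb.st_mode)) {  /* lstat: symlinks are never followed */
            found += scan_dir(path, dev);
        } else if (is_mandlock_marked(sb.st_mode)) {
            printf("%04o %s\n", (unsigned)(sb.st_mode & 07777), path);
            found++;
        }
    }
    if (d) closedir(d);
    return found;
}

/* Scan the filesystem mounted at root; -1 if root cannot be examined. */
long scan_tree(const char *root)
{
    struct stat sb;
    return stat(root, &sb) == 0 ? scan_dir(root, sb.st_dev) : -1;
}

int main(int argc, char **argv)
{
    /* "/mnt/gfs" is a placeholder default, not a path from the report. */
    return scan_tree(argc > 1 ? argv[1] : "/mnt/gfs") != 0;
}
```

The program exits non-zero when it finds at least one marked file or cannot examine the root, which makes it usable as a check in a patch-verification script.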

Affected Software           Affected Version          How to fix
redhat/gfs-kmod             <0:0.1.34-12.el5          0:0.1.34-12.el5
redhat/kernel               <0:2.6.18-194.el5         0:2.6.18-194.el5
redhat/gfs-kmod             <0:0.1.34-2.el5_4.3       0:0.1.34-2.el5_4.3
redhat/kernel               <0:2.6.18-164.17.1.el5    0:2.6.18-164.17.1.el5
Linux Kernel                <=2.6.33.1
Debian Linux                =5.0
Red Hat Enterprise Linux    =6.0
Red Hat Enterprise Linux    =5.0


Frequently Asked Questions

  • What is the severity of CVE-2010-0727?

    CVE-2010-0727 is considered to have a moderate severity due to potential issues with mandatory file locking.

  • How do I fix CVE-2010-0727?

    To mitigate CVE-2010-0727, upgrade affected packages to the versions specified in the remediation section of the vulnerability report.

  • What versions of the gfs-kmod package are affected by CVE-2010-0727?

    The gfs-kmod package versions prior to 0:0.1.34-12.el5 and 0:0.1.34-2.el5_4.3 are affected by CVE-2010-0727.

  • Which kernel versions are impacted by CVE-2010-0727?

    Kernel package versions prior to 0:2.6.18-194.el5 and 0:2.6.18-164.17.1.el5 are impacted by CVE-2010-0727.

  • What is the nature of the vulnerability in CVE-2010-0727?

    CVE-2010-0727 involves issues in the GFS locking mechanism regarding mandatory locks that could result in file access conflicts.
