CWE: 399

CVE-2010-1436

First published: Mon Apr 26 2010

Description of problem:
Reported by Mario Mikocevic. RHCS with one gfs2 shared on three nodes. Oops-ed while cp-ing from ext3 to gfs2 on one node.

Version-Release number of selected component (if applicable):
kernel-2.6.18-164.10.1.el5
gfs2-utils-0.1.62-1.el5
cman-2.0.115-1.el5_4.9
lvm2-cluster-2.02.46-8.el5

How reproducible:
Always

Steps to Reproduce:
1. Setup 3 node RHCS with - /dev/mapper/VolGroup01-LogVol02 on /var/www type gfs2 (rw,noatime,hostdata=jid=0:id=109:first=1,quota=on)
2. cp some data from ext3 to gfs2

Actual results:
list_del corruption. next->prev should be ffff8106d401f000, but was 0000000000000000
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at lib/list_debug.c:70
invalid opcode: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:04.0/0000:17:00.0/0000:18:0a.0/0000:1f:00.0/host1/rport-1:0-4/target1:0:3/1:0:3:3/state
CPU 2
Modules linked in: lock_dlm gfs2 dlm configfs 8021q bonding ipv6 xfrm_nalgo crypto_api ip_conntrack_ftp ip_conntrack_netbios_ns ipt_LOG ipt_REJECT xt_tcpudp xt_state ip_conntrack nfnetlink iptable_filter ip_tables x_tables video hwmon backlight sbs i2c_ec i2c_core button battery asus_acpi acpi_memhotplug ac parport_pc lp parport hpilo sg bnx2 ide_cd pcspkr e1000e serio_raw cdrom dm_raid45 dm_message dm_region_hash dm_mem_cache dm_round_robin dm_multipath scsi_dh dm_snapshot dm_zero dm_mirror dm_log dm_mod usb_storage ata_piix libata cciss shpchp qla2xxx scsi_transport_fc sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 0, comm: swapper Not tainted 2.6.18-164.10.1.el5 #1
RIP: 0010:[<ffffffff80151a44>] [<ffffffff80151a44>] list_del+0x48/0x71
RSP: 0018:ffff81082ff6bc40 EFLAGS: 00010082
RAX: 0000000000000058 RBX: ffff8106d401f000 RCX: ffffffff80309c28
RDX: ffffffff80309c28 RSI: 0000000000000000 RDI: ffffffff80309c20
RBP: ffff81082d584a40 R08: ffffffff80309c28 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000080 R12: ffff81082cb0e080
R13: ffff8106d401fb00 R14: 0000000000000023 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff81082ff20e40(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000193b0128 CR3: 00000008160f2000 CR4: 00000000000006e0
Process swapper (pid: 0, threadinfo ffff81082ff66000, task ffff81082ff21080)
Stack: ffff8106d401f000 ffffffff800daa96 ffff81082ff6bcc0 0000003c00000001
 ffff81082cd89818 000000000000003c ffff81082cd89800 ffff81082d584a40
 0000000000000000 ffff81082cb0e080 ffff81082d083a00 ffffffff800dac58
Call Trace:
 <IRQ> [<ffffffff800daa96>] free_block+0xb5/0x143
 [<ffffffff800dac58>] cache_flusharray+0x74/0xa3
 [<ffffffff80007684>] kmem_cache_free+0x1c2/0x1dd
 [<ffffffff8827034a>] :dm_mod:dec_pending+0x134/0x18e
 [<ffffffff88270588>] :dm_mod:clone_endio+0xbf/0xce
 [<ffffffff88270588>] :dm_mod:clone_endio+0xbf/0xce
 [<ffffffff8002cde2>] __end_that_request_first+0x23c/0x5bf
 [<ffffffff88079fde>] :scsi_mod:scsi_end_request+0x27/0xcd
 [<ffffffff8807a1d2>] :scsi_mod:scsi_io_completion+0x14e/0x324
 [<ffffffff88078c8b>] :scsi_mod:scsi_delete_timer+0x12/0x59
 [<ffffffff880a7802>] :sd_mod:sd_rw_intr+0x252/0x28c
 [<ffffffff8807a467>] :scsi_mod:scsi_device_unbusy+0x67/0x81
 [<ffffffff80037cfc>] blk_done_softirq+0x5f/0x6d
 [<ffffffff8001235a>] __do_softirq+0x89/0x133
 [<ffffffff8005e2fc>] call_softirq+0x1c/0x28
 [<ffffffff8006cb20>] do_softirq+0x2c/0x85
 [<ffffffff8006c9a8>] do_IRQ+0xec/0xf5
 [<ffffffff8005722b>] mwait_idle+0x0/0x4a
 [<ffffffff8005d615>] ret_from_intr+0x0/0xa
 <EOI> [<ffffffff80057261>] mwait_idle+0x36/0x4a
 [<ffffffff8004943c>] cpu_idle+0x95/0xb8
 [<ffffffff8007708a>] start_secondary+0x498/0x4a7
Code: 0f 0b 68 89 53 2b 80 c2 46 00 48 8b 13 48 8b 43 08 48 89 42
RIP [<ffffffff80151a44>] list_del+0x48/0x71
 RSP <ffff81082ff6bc40>
 <0>Kernel panic - not syncing: Fatal exception

Expected results:
cp succeeds

Additional info:
I cannot reproduce that with quota=off.

Credit: secalert@redhat.com
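
The "list_del corruption" line and the BUG at lib/list_debug.c in the trace come from the debug variant of list_del, which checks that both neighbours of a node still point back at it before unlinking. A simplified userspace model of that check, added here as an illustration (not code from the report or from the kernel source; `checked_list_del` and `unlink_with_neighbour` are hypothetical names and the corrupted list is constructed):

```c
#include <stdio.h>
/* Userspace model of the kernel's circular doubly linked list node. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* Unlink entry only if both neighbours still point back at it: 0 on success,
 * -1 if prev->next is wrong, -2 if next->prev is wrong. The kernel calls BUG()
 * at that point; this model only reports and refuses (assumption). */
static int checked_list_del(struct list_head *entry)
{
    if (entry->prev->next != entry) {
        fprintf(stderr, "list_del corruption. prev->next should be %p, but was %p\n",
                (void *)entry, (void *)entry->prev->next);
        return -1;
    }
    if (entry->next->prev != entry) {
        fprintf(stderr, "list_del corruption. next->prev should be %p, but was %p\n",
                (void *)entry, (void *)entry->next->prev);
        return -2;
    }
    entry->next->prev = entry->prev;   /* neighbours verified: safe to unlink */
    entry->prev->next = entry->next;
    entry->next = entry->prev = NULL;
    return 0;
}

/* Constructed scenario: head <-> a <-> b; corrupt zeroes b.prev, then a is unlinked. */
static int unlink_with_neighbour(int corrupt)
{
    struct list_head head, a, b;
    list_init(&head);
    list_add_tail(&a, &head);
    list_add_tail(&b, &head);
    if (corrupt) b.prev = NULL;        /* simulated stray write into a neighbour */
    int rc = checked_list_del(&a);
    return (rc == 0 && (head.next != &b || b.prev != &head)) ? 1 : rc;
}

int main(void)
{
    printf("clean: %d, corrupted: %d\n", unlink_with_neighbour(0), unlink_with_neighbour(1));
    return 0;
}
```

Without the check, the unlink would write through the zeroed pointer's neighbour links and spread the damage; with it, the fault is reported at the first list operation that touches the corrupted node, which is not necessarily where the corruption was introduced.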

Affected Software    Affected Version    How to fix
Linux Kernel         =2.6.18


Frequently Asked Questions

  • What is the severity of CVE-2010-1436?

    CVE-2010-1436 has a medium severity rating due to potential crashes during file operations.

  • How do I fix CVE-2010-1436?

    To fix CVE-2010-1436, upgrade to a patched version of the kernel or related utilities that addresses this vulnerability.

  • What systems are affected by CVE-2010-1436?

    CVE-2010-1436 affects systems running Linux Kernel version 2.6.18 with specific gfs2 and related packages.

  • What is the impact of CVE-2010-1436 on my system?

    CVE-2010-1436 can lead to system crashes when manipulating files between filesystem types.

  • Who reported the CVE-2010-1436 vulnerability?

    CVE-2010-1436 was reported by Mario Mikocevic.
