CVE-2010-2521: Buffer Overflow
First published: Wed Jul 07 2010(Updated: )
Description of problem: When read_buf is called to move over to the next page in the pagelist of an NFSv4 request, it sets argp->end to essentially a random number, certainly not an address within the page which argp->p now points to. So subsequent calls to READ_BUF will think there is much more than a page of spare space (the cast to u32 ensures an unsigned comparison) so we can expect to fall off the end of the second page. We never encountered this in testing because typically the only operations which use more than two pages are write-like operations, which have their own decoding logic. Something like a getattr after a write may cross a page boundary, but it would be very unusual for it to cross another boundary after that. Upstream commit: <a href="http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc">http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | =2.6.11 | |
| Linux Linux kernel | =2.6.23.4 | |
| Linux Linux kernel | =2.6.16.16 | |
| Linux Linux kernel | =2.6.18.7 | |
| Linux Linux kernel | =2.6.17.12 | |
| Linux Linux kernel | =2.6.16.9 | |
| Linux Linux kernel | =2.6.17.9 | |
| Linux Linux kernel | =2.6.11.2 | |
| Linux Linux kernel | =2.6.5 | |
| Linux Linux kernel | =2.6.15.3 | |
| Linux Linux kernel | =2.6.11.10 | |
| Linux Linux kernel | =2.6.1 | |
| Linux Linux kernel | =2.6.16.6 | |
| Linux Linux kernel | =2.6.16.8 | |
| Linux Linux kernel | =2.6.33-rc6 | |
| Linux Linux kernel | =2.6.22.4 | |
| Linux Linux kernel | =2.6.14.7 | |
| Linux Linux kernel | =2.6.13 | |
| Linux Linux kernel | =2.6.17.2 | |
| Linux Linux kernel | =2.6.13.3 | |
| Linux Linux kernel | =2.6.11.8 | |
| Linux Linux kernel | =2.6.23.7 | |
| Linux Linux kernel | =2.6.17.8 | |
| Linux Linux kernel | =2.6.14.4 | |
| Linux Linux kernel | =2.6.14 | |
| Linux Linux kernel | =2.6.17.4 | |
| Linux Linux kernel | =2.6.16.18 | |
| Linux Linux kernel | =2.6.17.14 | |
| Linux Linux kernel | =2.6.10 | |
| Linux Linux kernel | =2.6.14.3 | |
| Linux Linux kernel | =2.6.34-rc2 | |
| Linux Linux kernel | =2.6.24-rc3 | |
| Linux Linux kernel | =2.6.18.3 | |
| Linux Linux kernel | =2.6.11.6 | |
| Linux Linux kernel | =2.6.11.11 | |
| Linux Linux kernel | =2.6.16.13 | |
| Linux Linux kernel | =2.6.3 | |
| Linux Linux kernel | =2.6.32 | |
| Linux Linux kernel | =2.6.16.4 | |
| Linux Linux kernel | =2.6.17.3 | |
| Linux Linux kernel | =2.6.32.3 | |
| Linux Linux kernel | =2.6.22 | |
| Linux Linux kernel | =2.6.4 | |
| Linux Linux kernel | =2.6.16.15 | |
| Linux Linux kernel | =2.6.15.6 | |
| Linux Linux kernel | =2.6.24-rc5 | |
| Linux Linux kernel | =2.6.34-rc1 | |
| Linux Linux kernel | =2.6.15.1 | |
| Linux Linux kernel | =2.6.11.5 | |
| Linux Linux kernel | =2.6.18.4 | |
| Linux Linux kernel | =2.6.33-rc1 | |
| Linux Linux kernel | =2.6.16.1 | |
| Linux Linux kernel | =2.6.18.1 | |
| Linux Linux kernel | =2.6.23.1 | |
| Linux Linux kernel | =2.6.2 | |
| Linux Linux kernel | =2.6.14.5 | |
| Linux Linux kernel | =2.6.13.2 | |
| Linux Linux kernel | =2.6.17.5 | |
| Linux Linux kernel | =2.6.24-rc4 | |
| Linux Linux kernel | =2.6.18.5 | |
| Linux Linux kernel | =2.6.33.2 | |
| Linux Linux kernel | =2.6.13.5 | |
| Linux Linux kernel | =2.6.17 | |
| Linux Linux kernel | =2.6.16.11 | |
| Linux Linux kernel | =2.6.16.14 | |
| Linux Linux kernel | =2.6.33-rc2 | |
| Linux Linux kernel | =2.6.16.25 | |
| Linux Linux kernel | =2.6.16.21 | |
| Linux Linux kernel | =2.6.8 | |
| Linux Linux kernel | =2.6.16.28 | |
| Linux Linux kernel | =2.6.17.10 | |
| Linux Linux kernel | =2.6.14.1 | |
| Linux Linux kernel | =2.6.16.23 | |
| Linux Linux kernel | =2.6.33.1 | |
| Linux Linux kernel | =2.6.12.5 | |
| Linux Linux kernel | =2.6.15.7 | |
| Linux Linux kernel | =2.6.22.7 | |
| Linux Linux kernel | =2.6.16.3 | |
| Linux Linux kernel | =2.6.24-rc1 | |
| Linux Linux kernel | =2.6.14.6 | |
| Linux Linux kernel | =2.6.12.1 | |
| Linux Linux kernel | =2.6.11.9 | |
| Linux Linux kernel | =2.6.33 | |
| Linux Linux kernel | =2.6.17.1 | |
| Linux Linux kernel | =2.6.0 | |
| Linux Linux kernel | =2.6.13.4 | |
| Linux Linux kernel | =2.6.23-rc2 | |
| Linux Linux kernel | =2.6.22.6 | |
| Linux Linux kernel | =2.6.23.3 | |
| Linux Linux kernel | =2.6.18.8 | |
| Linux Linux kernel | =2.6.22.3 | |
| Linux Linux kernel | =2.6.12.2 | |
| Linux Linux kernel | =2.6.16.31 | |
| Linux Linux kernel | =2.6.16.26 | |
| Linux Linux kernel | =2.6.18.2 | |
| Linux Linux kernel | =2.6.16.29 | |
| Linux Linux kernel | =2.6.23-rc1 | |
| Linux Linux kernel | =2.6.16 | |
| Linux Linux kernel | =2.6.15.2 | |
| Linux Linux kernel | =2.6.16.22 | |
| Linux Linux kernel | =2.6.17.11 | |
| Linux Linux kernel | =2.6.16.10 | |
| Linux Linux kernel | =2.6.12.4 | |
| Linux Linux kernel | =2.6.11.3 | |
| Linux Linux kernel | =2.6.33-rc3 | |
| Linux Linux kernel | =2.6.16.24 | |
| Linux Linux kernel | =2.6.23 | |
| Linux Linux kernel | =2.6.12.3 | |
| Linux Linux kernel | =2.6.23.2 | |
| Linux Linux kernel | =2.6.34-rc3 | |
| Linux Linux kernel | =2.6.7 | |
| Linux Linux kernel | =2.6.32.4 | |
| Linux Linux kernel | <=2.6.34 | |
| Linux Linux kernel | =2.6.16.30 | |
| Linux Linux kernel | =2.6.15.4 | |
| Linux Linux kernel | =2.6.24-rc2 | |
| Linux Linux kernel | =2.6.16.17 | |
| Linux Linux kernel | =2.6.16.12 | |
| Linux Linux kernel | =2.6.16.27 | |
| Linux Linux kernel | =2.6.12.6 | |
| Linux Linux kernel | =2.6.17.7 | |
| Linux Linux kernel | =2.6.11.7 | |
| Linux Linux kernel | =2.6.16.2 | |
| Linux Linux kernel | =2.6.18.6 | |
| Linux Linux kernel | =2.6.15 | |
| Linux Linux kernel | =2.6.33-rc4 | |
| Linux Linux kernel | =2.6.34-rc4 | |
| Linux Linux kernel | =2.6.23.5 | |
| Linux Linux kernel | =2.6.32.2 | |
| Linux Linux kernel | =2.6.17.6 | |
| Linux Linux kernel | =2.6.23.6 | |
| Linux Linux kernel | =2.6.16.7 | |
| Linux Linux kernel | =2.6.32.1 | |
| Linux Linux kernel | =2.6.17.13 | |
| Linux Linux kernel | =2.6.22.2 | |
| Linux Linux kernel | =2.6.8.1 | |
| Linux Linux kernel | =2.6.22.5 | |
| Linux Linux kernel | =2.6.16.5 | |
| Linux Linux kernel | =2.6.11.4 | |
| Linux Linux kernel | =2.6.16.19 | |
| Linux Linux kernel | =2.6.11.12 | |
| Linux Linux kernel | =2.6.16.20 | |
| Linux Linux kernel | =2.6.15.5 | |
| Linux Linux kernel | =2.6.11.1 | |
| Linux Linux kernel | =2.6.33-rc5 | |
| Linux Linux kernel | =2.6.9 | |
| Linux Linux kernel | =2.6.13.1 | |
| Linux Linux kernel | =2.6.6 | |
| Linux Linux kernel | =2.6.12 | |
| debian/linux-2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1024286
- https://rhn.redhat.com/errata/RHSA-2010-0606.html
- https://bugzilla.redhat.com/show_bug.cgi?id=612028
- http://www.openwall.com/lists/oss-security/2010/07/07/1
- http://www.openwall.com/lists/oss-security/2010/07/09/2
- http://www.securityfocus.com/bid/42249
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6
- http://www.redhat.com/support/errata/RHSA-2010-0610.html
- http://www.debian.org/security/2010/dsa-2094
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
- http://www.redhat.com/support/errata/RHSA-2010-0893.html
- http://www.redhat.com/support/errata/RHSA-2010-0907.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
- http://www.vupen.com/english/advisories/2010/3050
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://secunia.com/advisories/43315
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc
- https://launchpad.net/bugs/cve/CVE-2010-2521
- http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc
- https://rhn.redhat.com/errata/RHSA-2010-0610.html
- https://rhn.redhat.com/errata/RHSA-2010-0631.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=612031
- https://rhn.redhat.com/errata/RHSA-2010-0893.html
- https://rhn.redhat.com/errata/RHSA-2010-0907.html
- https://security-tracker.debian.org/tracker/CVE-2010-2521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521
- https://nvd.nist.gov/vuln/detail/CVE-2010-2521
- https://ubuntu.com/security/CVE-2010-2521
- collector/nvd-historical
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2521
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/description
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.11
- version/linux linux kernel/2.6.23.4
- version/linux linux kernel/2.6.16.16
- version/linux linux kernel/2.6.18.7
- version/linux linux kernel/2.6.17.12
- version/linux linux kernel/2.6.16.9
- version/linux linux kernel/2.6.17.9
- version/linux linux kernel/2.6.11.2
- version/linux linux kernel/2.6.5
- version/linux linux kernel/2.6.15.3
- version/linux linux kernel/2.6.11.10
- version/linux linux kernel/2.6.1
- version/linux linux kernel/2.6.16.6
- version/linux linux kernel/2.6.16.8
- version/linux linux kernel/2.6.33-rc6
- version/linux linux kernel/2.6.22.4
- version/linux linux kernel/2.6.14.7
- version/linux linux kernel/2.6.13
- version/linux linux kernel/2.6.17.2
- version/linux linux kernel/2.6.13.3
- version/linux linux kernel/2.6.11.8
- version/linux linux kernel/2.6.23.7
- version/linux linux kernel/2.6.17.8
- version/linux linux kernel/2.6.14.4
- version/linux linux kernel/2.6.14
- version/linux linux kernel/2.6.17.4
- version/linux linux kernel/2.6.16.18
- version/linux linux kernel/2.6.17.14
- version/linux linux kernel/2.6.10
- version/linux linux kernel/2.6.14.3
- version/linux linux kernel/2.6.34-rc2
- version/linux linux kernel/2.6.24-rc3
- version/linux linux kernel/2.6.18.3
- version/linux linux kernel/2.6.11.6
- version/linux linux kernel/2.6.11.11
- version/linux linux kernel/2.6.16.13
- version/linux linux kernel/2.6.3
- version/linux linux kernel/2.6.32
- version/linux linux kernel/2.6.16.4
- version/linux linux kernel/2.6.17.3
- version/linux linux kernel/2.6.32.3
- version/linux linux kernel/2.6.22
- version/linux linux kernel/2.6.4
- version/linux linux kernel/2.6.16.15
- version/linux linux kernel/2.6.15.6
- version/linux linux kernel/2.6.24-rc5
- version/linux linux kernel/2.6.34-rc1
- version/linux linux kernel/2.6.15.1
- version/linux linux kernel/2.6.11.5
- version/linux linux kernel/2.6.18.4
- version/linux linux kernel/2.6.33-rc1
- version/linux linux kernel/2.6.16.1
- version/linux linux kernel/2.6.18.1
- version/linux linux kernel/2.6.23.1
- version/linux linux kernel/2.6.2
- version/linux linux kernel/2.6.14.5
- version/linux linux kernel/2.6.13.2
- version/linux linux kernel/2.6.17.5
- version/linux linux kernel/2.6.24-rc4
- version/linux linux kernel/2.6.18.5
- version/linux linux kernel/2.6.33.2
- version/linux linux kernel/2.6.13.5
- version/linux linux kernel/2.6.17
- version/linux linux kernel/2.6.16.11
- version/linux linux kernel/2.6.16.14
- version/linux linux kernel/2.6.33-rc2
- version/linux linux kernel/2.6.16.25
- version/linux linux kernel/2.6.16.21
- version/linux linux kernel/2.6.8
- version/linux linux kernel/2.6.16.28
- version/linux linux kernel/2.6.17.10
- version/linux linux kernel/2.6.14.1
- version/linux linux kernel/2.6.16.23
- version/linux linux kernel/2.6.33.1
- version/linux linux kernel/2.6.12.5
- version/linux linux kernel/2.6.15.7
- version/linux linux kernel/2.6.22.7
- version/linux linux kernel/2.6.16.3
- version/linux linux kernel/2.6.24-rc1
- version/linux linux kernel/2.6.14.6
- version/linux linux kernel/2.6.12.1
- version/linux linux kernel/2.6.11.9
- version/linux linux kernel/2.6.33
- version/linux linux kernel/2.6.17.1
- version/linux linux kernel/2.6.0
- version/linux linux kernel/2.6.13.4
- version/linux linux kernel/2.6.23-rc2
- version/linux linux kernel/2.6.22.6
- version/linux linux kernel/2.6.23.3
- version/linux linux kernel/2.6.18.8
- version/linux linux kernel/2.6.22.3
- version/linux linux kernel/2.6.12.2
- version/linux linux kernel/2.6.16.31
- version/linux linux kernel/2.6.16.26
- version/linux linux kernel/2.6.18.2
- version/linux linux kernel/2.6.16.29
- version/linux linux kernel/2.6.23-rc1
- version/linux linux kernel/2.6.16
- version/linux linux kernel/2.6.15.2
- version/linux linux kernel/2.6.16.22
- version/linux linux kernel/2.6.17.11
- version/linux linux kernel/2.6.16.10
- version/linux linux kernel/2.6.12.4
- version/linux linux kernel/2.6.11.3
- version/linux linux kernel/2.6.33-rc3
- version/linux linux kernel/2.6.16.24
- version/linux linux kernel/2.6.23
- version/linux linux kernel/2.6.12.3
- version/linux linux kernel/2.6.23.2
- version/linux linux kernel/2.6.34-rc3
- version/linux linux kernel/2.6.7
- version/linux linux kernel/2.6.32.4
- version/linux linux kernel/2.6.34
- version/linux linux kernel/2.6.16.30
- version/linux linux kernel/2.6.15.4
- version/linux linux kernel/2.6.24-rc2
- version/linux linux kernel/2.6.16.17
- version/linux linux kernel/2.6.16.12
- version/linux linux kernel/2.6.16.27
- version/linux linux kernel/2.6.12.6
- version/linux linux kernel/2.6.17.7
- version/linux linux kernel/2.6.11.7
- version/linux linux kernel/2.6.16.2
- version/linux linux kernel/2.6.18.6
- version/linux linux kernel/2.6.15
- version/linux linux kernel/2.6.33-rc4
- version/linux linux kernel/2.6.34-rc4
- version/linux linux kernel/2.6.23.5
- version/linux linux kernel/2.6.32.2
- version/linux linux kernel/2.6.17.6
- version/linux linux kernel/2.6.23.6
- version/linux linux kernel/2.6.16.7
- version/linux linux kernel/2.6.32.1
- version/linux linux kernel/2.6.17.13
- version/linux linux kernel/2.6.22.2
- version/linux linux kernel/2.6.8.1
- version/linux linux kernel/2.6.22.5
- version/linux linux kernel/2.6.16.5
- version/linux linux kernel/2.6.11.4
- version/linux linux kernel/2.6.16.19
- version/linux linux kernel/2.6.11.12
- version/linux linux kernel/2.6.16.20
- version/linux linux kernel/2.6.15.5
- version/linux linux kernel/2.6.11.1
- version/linux linux kernel/2.6.33-rc5
- version/linux linux kernel/2.6.9
- version/linux linux kernel/2.6.13.1
- version/linux linux kernel/2.6.6
- version/linux linux kernel/2.6.12
- package-manager/debian