CVE-2010-2521: Buffer Overflow
First published: Wed Jul 07 2010(Updated: )
Description of problem: When read_buf is called to move over to the next page in the pagelist of an NFSv4 request, it sets argp->end to essentially a random number, certainly not an address within the page which argp->p now points to. So subsequent calls to READ_BUF will think there is much more than a page of spare space (the cast to u32 ensures an unsigned comparison) so we can expect to fall off the end of the second page. We never encountered this in testing because typically the only operations which use more than two pages are write-like operations, which have their own decoding logic. Something like a getattr after a write may cross a page boundary, but it would be very unusual for it to cross another boundary after that. Upstream commit: <a href="http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc">http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Kernel | <=2.6.34 | |
| Linux Kernel | =2.6.0 | |
| Linux Kernel | =2.6.1 | |
| Linux Kernel | =2.6.2 | |
| Linux Kernel | =2.6.3 | |
| Linux Kernel | =2.6.4 | |
| Linux Kernel | =2.6.5 | |
| Linux Kernel | =2.6.6 | |
| Linux Kernel | =2.6.7 | |
| Linux Kernel | =2.6.8 | |
| Linux Kernel | =2.6.8.1 | |
| Linux Kernel | =2.6.9 | |
| Linux Kernel | =2.6.10 | |
| Linux Kernel | =2.6.11 | |
| Linux Kernel | =2.6.11.1 | |
| Linux Kernel | =2.6.11.2 | |
| Linux Kernel | =2.6.11.3 | |
| Linux Kernel | =2.6.11.4 | |
| Linux Kernel | =2.6.11.5 | |
| Linux Kernel | =2.6.11.6 | |
| Linux Kernel | =2.6.11.7 | |
| Linux Kernel | =2.6.11.8 | |
| Linux Kernel | =2.6.11.9 | |
| Linux Kernel | =2.6.11.10 | |
| Linux Kernel | =2.6.11.11 | |
| Linux Kernel | =2.6.11.12 | |
| Linux Kernel | =2.6.12 | |
| Linux Kernel | =2.6.12.1 | |
| Linux Kernel | =2.6.12.2 | |
| Linux Kernel | =2.6.12.3 | |
| Linux Kernel | =2.6.12.4 | |
| Linux Kernel | =2.6.12.5 | |
| Linux Kernel | =2.6.12.6 | |
| Linux Kernel | =2.6.13 | |
| Linux Kernel | =2.6.13.1 | |
| Linux Kernel | =2.6.13.2 | |
| Linux Kernel | =2.6.13.3 | |
| Linux Kernel | =2.6.13.4 | |
| Linux Kernel | =2.6.13.5 | |
| Linux Kernel | =2.6.14 | |
| Linux Kernel | =2.6.14.1 | |
| Linux Kernel | =2.6.14.3 | |
| Linux Kernel | =2.6.14.4 | |
| Linux Kernel | =2.6.14.5 | |
| Linux Kernel | =2.6.14.6 | |
| Linux Kernel | =2.6.14.7 | |
| Linux Kernel | =2.6.15 | |
| Linux Kernel | =2.6.15.1 | |
| Linux Kernel | =2.6.15.2 | |
| Linux Kernel | =2.6.15.3 | |
| Linux Kernel | =2.6.15.4 | |
| Linux Kernel | =2.6.15.5 | |
| Linux Kernel | =2.6.15.6 | |
| Linux Kernel | =2.6.15.7 | |
| Linux Kernel | =2.6.16 | |
| Linux Kernel | =2.6.16.1 | |
| Linux Kernel | =2.6.16.2 | |
| Linux Kernel | =2.6.16.3 | |
| Linux Kernel | =2.6.16.4 | |
| Linux Kernel | =2.6.16.5 | |
| Linux Kernel | =2.6.16.6 | |
| Linux Kernel | =2.6.16.7 | |
| Linux Kernel | =2.6.16.8 | |
| Linux Kernel | =2.6.16.9 | |
| Linux Kernel | =2.6.16.10 | |
| Linux Kernel | =2.6.16.11 | |
| Linux Kernel | =2.6.16.12 | |
| Linux Kernel | =2.6.16.13 | |
| Linux Kernel | =2.6.16.14 | |
| Linux Kernel | =2.6.16.15 | |
| Linux Kernel | =2.6.16.16 | |
| Linux Kernel | =2.6.16.17 | |
| Linux Kernel | =2.6.16.18 | |
| Linux Kernel | =2.6.16.19 | |
| Linux Kernel | =2.6.16.20 | |
| Linux Kernel | =2.6.16.21 | |
| Linux Kernel | =2.6.16.22 | |
| Linux Kernel | =2.6.16.23 | |
| Linux Kernel | =2.6.16.24 | |
| Linux Kernel | =2.6.16.25 | |
| Linux Kernel | =2.6.16.26 | |
| Linux Kernel | =2.6.16.27 | |
| Linux Kernel | =2.6.16.28 | |
| Linux Kernel | =2.6.16.29 | |
| Linux Kernel | =2.6.16.30 | |
| Linux Kernel | =2.6.16.31 | |
| Linux Kernel | =2.6.17 | |
| Linux Kernel | =2.6.17.1 | |
| Linux Kernel | =2.6.17.2 | |
| Linux Kernel | =2.6.17.3 | |
| Linux Kernel | =2.6.17.4 | |
| Linux Kernel | =2.6.17.5 | |
| Linux Kernel | =2.6.17.6 | |
| Linux Kernel | =2.6.17.7 | |
| Linux Kernel | =2.6.17.8 | |
| Linux Kernel | =2.6.17.9 | |
| Linux Kernel | =2.6.17.10 | |
| Linux Kernel | =2.6.17.11 | |
| Linux Kernel | =2.6.17.12 | |
| Linux Kernel | =2.6.17.13 | |
| Linux Kernel | =2.6.17.14 | |
| Linux Kernel | =2.6.18.1 | |
| Linux Kernel | =2.6.18.2 | |
| Linux Kernel | =2.6.18.3 | |
| Linux Kernel | =2.6.18.4 | |
| Linux Kernel | =2.6.18.5 | |
| Linux Kernel | =2.6.18.6 | |
| Linux Kernel | =2.6.18.7 | |
| Linux Kernel | =2.6.18.8 | |
| Linux Kernel | =2.6.22 | |
| Linux Kernel | =2.6.22.2 | |
| Linux Kernel | =2.6.22.3 | |
| Linux Kernel | =2.6.22.4 | |
| Linux Kernel | =2.6.22.5 | |
| Linux Kernel | =2.6.22.6 | |
| Linux Kernel | =2.6.22.7 | |
| Linux Kernel | =2.6.23 | |
| Linux Kernel | =2.6.23-rc1 | |
| Linux Kernel | =2.6.23-rc2 | |
| Linux Kernel | =2.6.23.1 | |
| Linux Kernel | =2.6.23.2 | |
| Linux Kernel | =2.6.23.3 | |
| Linux Kernel | =2.6.23.4 | |
| Linux Kernel | =2.6.23.5 | |
| Linux Kernel | =2.6.23.6 | |
| Linux Kernel | =2.6.23.7 | |
| Linux Kernel | =2.6.24-rc1 | |
| Linux Kernel | =2.6.24-rc2 | |
| Linux Kernel | =2.6.24-rc3 | |
| Linux Kernel | =2.6.24-rc4 | |
| Linux Kernel | =2.6.24-rc5 | |
| Linux Kernel | =2.6.32 | |
| Linux Kernel | =2.6.32.1 | |
| Linux Kernel | =2.6.32.2 | |
| Linux Kernel | =2.6.32.3 | |
| Linux Kernel | =2.6.32.4 | |
| Linux Kernel | =2.6.33 | |
| Linux Kernel | =2.6.33-rc1 | |
| Linux Kernel | =2.6.33-rc2 | |
| Linux Kernel | =2.6.33-rc3 | |
| Linux Kernel | =2.6.33-rc4 | |
| Linux Kernel | =2.6.33-rc5 | |
| Linux Kernel | =2.6.33-rc6 | |
| Linux Kernel | =2.6.33.1 | |
| Linux Kernel | =2.6.33.2 | |
| Linux Kernel | =2.6.34-rc1 | |
| Linux Kernel | =2.6.34-rc2 | |
| Linux Kernel | =2.6.34-rc3 | |
| Linux Kernel | =2.6.34-rc4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1024286
- https://rhn.redhat.com/errata/RHSA-2010-0606.html
- https://bugzilla.redhat.com/show_bug.cgi?id=612028
- http://www.openwall.com/lists/oss-security/2010/07/07/1
- http://www.openwall.com/lists/oss-security/2010/07/09/2
- http://www.securityfocus.com/bid/42249
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6
- http://www.redhat.com/support/errata/RHSA-2010-0610.html
- http://www.debian.org/security/2010/dsa-2094
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
- http://www.redhat.com/support/errata/RHSA-2010-0893.html
- http://www.redhat.com/support/errata/RHSA-2010-0907.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
- http://www.vupen.com/english/advisories/2010/3050
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://secunia.com/advisories/43315
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc
- https://launchpad.net/bugs/cve/CVE-2010-2521
- http://git.kernel.org/linus/2bc3c1179c781b359d4f2f3439cb3df72afc17fc
- https://rhn.redhat.com/errata/RHSA-2010-0610.html
- https://rhn.redhat.com/errata/RHSA-2010-0631.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=612031
- https://rhn.redhat.com/errata/RHSA-2010-0893.html
- https://rhn.redhat.com/errata/RHSA-2010-0907.html
- https://security-tracker.debian.org/tracker/CVE-2010-2521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521
- https://nvd.nist.gov/vuln/detail/CVE-2010-2521
- https://ubuntu.com/security/CVE-2010-2521
Frequently Asked Questions
What is the severity of CVE-2010-2521?
CVE-2010-2521 has a medium severity rating due to potential impacts on system stability and security.
How do I fix CVE-2010-2521?
To fix CVE-2010-2521, update your Linux kernel to a version that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2010-2521?
CVE-2010-2521 affects multiple versions of the Linux kernel up to and including 2.6.34.
What types of systems are at risk from CVE-2010-2521?
Systems running vulnerable Linux kernel versions that utilize NFSv4 requests are at risk from CVE-2010-2521.
Can CVE-2010-2521 lead to data loss?
Yes, CVE-2010-2521 may lead to data corruption or loss depending on the operations being performed on the affected NFSv4 requests.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2521
- agent/first-publish-date
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-historical
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.34
- version/linux kernel/2.6.0
- version/linux kernel/2.6.1
- version/linux kernel/2.6.2
- version/linux kernel/2.6.3
- version/linux kernel/2.6.4
- version/linux kernel/2.6.5
- version/linux kernel/2.6.6
- version/linux kernel/2.6.7
- version/linux kernel/2.6.8
- version/linux kernel/2.6.8.1
- version/linux kernel/2.6.9
- version/linux kernel/2.6.10
- version/linux kernel/2.6.11
- version/linux kernel/2.6.11.1
- version/linux kernel/2.6.11.2
- version/linux kernel/2.6.11.3
- version/linux kernel/2.6.11.4
- version/linux kernel/2.6.11.5
- version/linux kernel/2.6.11.6
- version/linux kernel/2.6.11.7
- version/linux kernel/2.6.11.8
- version/linux kernel/2.6.11.9
- version/linux kernel/2.6.11.10
- version/linux kernel/2.6.11.11
- version/linux kernel/2.6.11.12
- version/linux kernel/2.6.12
- version/linux kernel/2.6.12.1
- version/linux kernel/2.6.12.2
- version/linux kernel/2.6.12.3
- version/linux kernel/2.6.12.4
- version/linux kernel/2.6.12.5
- version/linux kernel/2.6.12.6
- version/linux kernel/2.6.13
- version/linux kernel/2.6.13.1
- version/linux kernel/2.6.13.2
- version/linux kernel/2.6.13.3
- version/linux kernel/2.6.13.4
- version/linux kernel/2.6.13.5
- version/linux kernel/2.6.14
- version/linux kernel/2.6.14.1
- version/linux kernel/2.6.14.3
- version/linux kernel/2.6.14.4
- version/linux kernel/2.6.14.5
- version/linux kernel/2.6.14.6
- version/linux kernel/2.6.14.7
- version/linux kernel/2.6.15
- version/linux kernel/2.6.15.1
- version/linux kernel/2.6.15.2
- version/linux kernel/2.6.15.3
- version/linux kernel/2.6.15.4
- version/linux kernel/2.6.15.5
- version/linux kernel/2.6.15.6
- version/linux kernel/2.6.15.7
- version/linux kernel/2.6.16
- version/linux kernel/2.6.16.1
- version/linux kernel/2.6.16.2
- version/linux kernel/2.6.16.3
- version/linux kernel/2.6.16.4
- version/linux kernel/2.6.16.5
- version/linux kernel/2.6.16.6
- version/linux kernel/2.6.16.7
- version/linux kernel/2.6.16.8
- version/linux kernel/2.6.16.9
- version/linux kernel/2.6.16.10
- version/linux kernel/2.6.16.11
- version/linux kernel/2.6.16.12
- version/linux kernel/2.6.16.13
- version/linux kernel/2.6.16.14
- version/linux kernel/2.6.16.15
- version/linux kernel/2.6.16.16
- version/linux kernel/2.6.16.17
- version/linux kernel/2.6.16.18
- version/linux kernel/2.6.16.19
- version/linux kernel/2.6.16.20
- version/linux kernel/2.6.16.21
- version/linux kernel/2.6.16.22
- version/linux kernel/2.6.16.23
- version/linux kernel/2.6.16.24
- version/linux kernel/2.6.16.25
- version/linux kernel/2.6.16.26
- version/linux kernel/2.6.16.27
- version/linux kernel/2.6.16.28
- version/linux kernel/2.6.16.29
- version/linux kernel/2.6.16.30
- version/linux kernel/2.6.16.31
- version/linux kernel/2.6.17
- version/linux kernel/2.6.17.1
- version/linux kernel/2.6.17.2
- version/linux kernel/2.6.17.3
- version/linux kernel/2.6.17.4
- version/linux kernel/2.6.17.5
- version/linux kernel/2.6.17.6
- version/linux kernel/2.6.17.7
- version/linux kernel/2.6.17.8
- version/linux kernel/2.6.17.9
- version/linux kernel/2.6.17.10
- version/linux kernel/2.6.17.11
- version/linux kernel/2.6.17.12
- version/linux kernel/2.6.17.13
- version/linux kernel/2.6.17.14
- version/linux kernel/2.6.18.1
- version/linux kernel/2.6.18.2
- version/linux kernel/2.6.18.3
- version/linux kernel/2.6.18.4
- version/linux kernel/2.6.18.5
- version/linux kernel/2.6.18.6
- version/linux kernel/2.6.18.7
- version/linux kernel/2.6.18.8
- version/linux kernel/2.6.22
- version/linux kernel/2.6.22.2
- version/linux kernel/2.6.22.3
- version/linux kernel/2.6.22.4
- version/linux kernel/2.6.22.5
- version/linux kernel/2.6.22.6
- version/linux kernel/2.6.22.7
- version/linux kernel/2.6.23
- version/linux kernel/2.6.23-rc1
- version/linux kernel/2.6.23-rc2
- version/linux kernel/2.6.23.1
- version/linux kernel/2.6.23.2
- version/linux kernel/2.6.23.3
- version/linux kernel/2.6.23.4
- version/linux kernel/2.6.23.5
- version/linux kernel/2.6.23.6
- version/linux kernel/2.6.23.7
- version/linux kernel/2.6.24-rc1
- version/linux kernel/2.6.24-rc2
- version/linux kernel/2.6.24-rc3
- version/linux kernel/2.6.24-rc4
- version/linux kernel/2.6.24-rc5
- version/linux kernel/2.6.32
- version/linux kernel/2.6.32.1
- version/linux kernel/2.6.32.2
- version/linux kernel/2.6.32.3
- version/linux kernel/2.6.32.4
- version/linux kernel/2.6.33
- version/linux kernel/2.6.33-rc1
- version/linux kernel/2.6.33-rc2
- version/linux kernel/2.6.33-rc3
- version/linux kernel/2.6.33-rc4
- version/linux kernel/2.6.33-rc5
- version/linux kernel/2.6.33-rc6
- version/linux kernel/2.6.33.1
- version/linux kernel/2.6.33.2
- version/linux kernel/2.6.34-rc1
- version/linux kernel/2.6.34-rc2
- version/linux kernel/2.6.34-rc3
- version/linux kernel/2.6.34-rc4