CVE-2010-2954: Null Pointer Dereference
First published: Tue Aug 31 2010(Updated: )
Description of problem: BUG: unable to handle kernel NULL pointer dereference at 00000004 IP: [<f7f06dca>] hashbin_delete+0x14/0xad [irda] *pdpt = 0000000000a57001 *pde = 0000000000000000 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/virtual/dmi/id/sys_vendor Modules linked in: irda crc_ccitt fuse ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 vmblock vsock vmmemctl vmhgfs uinput pcnet32 ppdev vmxnet microcode parport_pc parport mii vmci i2c_piix4 i2c_core mptspi mptscsih mptbase scsi_transport_spi [last unloaded: scsi_wait_scan] Pid: 2403, comm: a.out Not tainted 2.6.33.6-147.2.4.fc13.i686.PAE #1 440BX Desktop Reference Platform/VMware Virtual Platform EIP: 0060:[<f7f06dca>] EFLAGS: 00010282 CPU: 0 EIP is at hashbin_delete+0x14/0xad [irda] EAX: 00000000 EBX: 00000000 ECX: f2f97f4c EDX: f7f084aa ESI: df1b8800 EDI: f7f084aa EBP: eb19bd78 ESP: eb19bd64 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process a.out (pid: 2403, ti=eb19a000 task=f2ed9980 task.ti=eb19a000) Stack: 00000000 00000202 eb0df2c0 df1b8800 df1a6770 eb19bd84 f7f085f5 eb0df2c0 <0> eb19bd90 f7f0861f eb20c400 eb19bda4 f7f0a958 df1b8800 f7f0ebe4 df1a6770 <0> eb19bdb4 c06ef16e f2e21100 00000008 eb19bdbc c06ef1cf eb19bde0 c04d183a Call Trace: [<f7f085f5>] ? __irias_delete_object+0x1b/0x2c [irda] [<f7f0861f>] ? irias_delete_object+0x19/0x1e [irda] [<f7f0a958>] ? irda_release+0x65/0x127 [irda] [<c06ef16e>] ? sock_release+0x14/0x59 [<c06ef1cf>] ? sock_close+0x1c/0x20 [<c04d183a>] ? __fput+0xea/0x181 [<c04d18e4>] ? fput+0x13/0x15 [<c04cef5f>] ? filp_close+0x51/0x5b [<c043f260>] ? put_files_struct+0x5f/0xb3 [<c043f2e8>] ? exit_files+0x34/0x38 [<c0440a1b>] ? do_exit+0x200/0x615 [<c044c4c0>] ? dequeue_signal+0xb1/0x120 [<c0440e9b>] ? do_group_exit+0x6b/0x94 [<c044c89d>] ? get_signal_to_deliver+0x36e/0x389 [<c0407cd4>] ? do_signal+0x5a/0x6f4 [<c078359d>] ? apic_timer_interrupt+0x31/0x38 [<c0455f57>] ? hrtimer_nanosleep+0x94/0xdc [<c04d7376>] ? path_put+0x15/0x18 [<c047c6a6>] ? audit_syscall_exit+0xfa/0x10f [<c040838d>] ? do_notify_resume+0x1f/0x79 [<c07831e4>] ? work_notifysig+0x13/0x1b Code: 04 01 74 0b 8b 55 f0 8d 43 0c e8 b8 bf 87 c8 83 c4 0c 5b 5e 5f 5d c3 55 89 e5 57 89 d7 56 53 89 c3 83 ec 08 c7 45 ec 00 00 00 00 <f6> 40 04 01 74 0b 8d 40 0c e8 40 bf 87 c8 89 45 ec 89 de c7 45 EIP: [<f7f06dca>] hashbin_delete+0x14/0xad [irda] SS:ESP 0068:eb19bd64 CR2: 0000000000000004 ---[ end trace 8c5fb89ec896b3a8 ]--- Fixing recursive fault but reboot is needed! Acknowledgements: Red Hat would like to thank Tavis Ormandy for reporting this issue.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Linux kernel | <2.6.36 | |
| Linux Linux kernel | =2.6.36 | |
| Linux Linux kernel | =2.6.36-rc1 | |
| Linux Linux kernel | =2.6.36-rc2 | |
| openSUSE openSUSE | =11.3 | |
| SUSE Linux Enterprise Desktop | =11 | |
| SUSE Linux Enterprise Desktop | =11-sp1 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =9.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =10.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://twitter.com/taviso/statuses/22635752128
- http://secunia.com/advisories/41234
- http://secunia.com/advisories/41512
- http://www.vupen.com/english/advisories/2010/2266
- http://www.vupen.com/english/advisories/2010/2430
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=628770
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.spinics.net/lists/netdev/msg139404.html
- http://marc.info/?l=oss-security&m=128331787923285&w=2
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61522
- https://launchpad.net/bugs/cve/CVE-2010-2954
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff_plain;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257
- http://git.kernel.org/linus/628e300cccaa628d8fb92aa28cb7530a3d5f2257
- https://security-tracker.debian.org/tracker/CVE-2010-2954
- http://marc.info/?l=oss-security&m=128331787923285&w=2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2954
- https://nvd.nist.gov/vuln/detail/CVE-2010-2954
- https://ubuntu.com/security/CVE-2010-2954
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2954
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/references
- agent/weakness
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.36
- version/linux linux kernel/2.6.36-rc1
- version/linux linux kernel/2.6.36-rc2
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11
- version/suse linux enterprise desktop/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11
- version/suse linux enterprise server/11-sp1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/9.04
- version/canonical ubuntu linux/9.10
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/10.10