high
7
CWE
476
Advisory Published
Updated

REDHAT-BUG-586415: Null Pointer Dereference

First published: Tue Apr 27 2010(Updated: )

Created <span class=""><a href="attachment.cgi?id=409485" name="attach_409485" title="job xml">attachment 409485</a> <a href="attachment.cgi?id=409485&amp;action=edit" title="job xml">[details]</a></span> job xml Description of problem: Below is console log, Starting RHTS testing: Running with correct RECIPEID. 04/27/10 09:37:27 recipeID:393073 start: Collecting all rpm packages... Sending rpm info to <a href="http://rhts.redhat.com/cgi-bin/rhts/scheduler_xmlrpc.cgi">http://rhts.redhat.com/cgi-bin/rhts/scheduler_xmlrpc.cgi</a> resp = client.results.allRpms(recipeid, pkg_list) 3165111:/distribution/install has already run.. 3165112:/distribution/kernelinstall has already run.. /mnt/tests/kernel/security/CVE-2006-0742 / (XEN) mm.c:735:d0 vcpu 2 iip 0xa00000010006bad0: bad mpa d 0 0x3ffffff7f0200 (=&gt; 0x1bec20000) Unable to handle kernel NULL pointer dereference (address 0000000000000000) swapper[0]: Oops 4294967296 [1] Modules linked in: autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc ipv6 xfrm_nalgo crypto_api vfat fat loop dm_multipath scsi_dh wmi power_meter hwmon button parport_pc lp parport sr_mod cdrom sg tg3 dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd Pid: 0, CPU 2, comm: swapper psr : 0000101008026010 ifs : 8000000000000004 ip : [&lt;0000000000000000&gt;] Not tainted (2.6.18-194.2.1.el5xen) ip is at __start_ivt_text+0x5fffffff00000000/0x400 unat: 0000000000000000 pfs : 800000000000048d rsc : 0000000000000008 rnat: 0000000000000000 bsps: a0000002011d6180 pr : 000000000001a965 ldrs: 0000000000000000 ccv : 0000000000000000 fpsr: 0009804c0a70033f csd : 0000000000000000 ssd : 0000000000000000 b0 : a0000001000a6840 b6 : 0000000000000000 b7 : a0000001000a6380 f6 : 1003e000000000000064e f7 : 1003e0044b82fa09b5a53 f8 : 1003e0000000000177db7 f9 : 1003e0000000000000001 f10 : 1003e62a65c7260000000 f11 : 1003e0000000000000000 r1 : 0000000000000000 r2 : 800000000000048d r3 : 0000000000000001 r8 : a000000100a827d8 r9 : a000000100a827d8 r10 : e0000001bd907bc0 r11 : e0000001bd907bc0 r12 : e0000001bd907bb0 r13 : e0000001bd900000 r14 : 0000000000000001 r15 : e0000001bd907bc0 r16 : a0000001009ad128 r17 : 0000000000200200 r18 : e0000001bd907bc8 r19 : fffffffffff00061 r20 : 0000000000000000 r21 : fffffffffff00060 r22 : fffffffffff00061 r23 : 0000000000000000 r24 : a0000001009ad130 r25 : e0000001bd901068 r26 : a000000100a6e7b8 r27 : e0000001bd894010 r28 : 00000000ffff6b63 r29 : e0000001bd894620 r30 : 00000000ffff6b62 r31 : 0000000000000062 Call Trace: [&lt;a00000010001d240&gt;] show_stack+0x40/0xa0 sp=e0000001bd907740 bsp=e0000001bd901490 [&lt;a00000010001db70&gt;] show_regs+0x870/0x8c0 sp=e0000001bd907910 bsp=e0000001bd901438 [&lt;a000000100043720&gt;] die+0x1c0/0x380 sp=e0000001bd907910 bsp=e0000001bd9013e8 [&lt;a00000010068f230&gt;] ia64_do_page_fault+0x970/0xaa0 sp=e0000001bd907930 bsp=e0000001bd901398 [&lt;a00000010006b320&gt;] xen_leave_kernel+0x0/0x3e0 sp=e0000001bd9079e0 bsp=e0000001bd901398 &lt;0&gt;Kernel panic - not syncing: Fatal exception (XEN) Domain 0 crashed: rebooting machine in 5 seconds. And after reboot, another panic log (XEN) mm.c:735:d0 vcpu 0 iip 0xa00000010006bad0: bad mpa d 0 0x10600010000b9 (=&gt; 0x1bec20000) (XEN) $$$$$ PANIC in domain 0 (k6=0xf000000007910000): itc on Xen virtual space (f095060001000000) (XEN) domain_crash_sync called from xenmisc.c:171 (XEN) Domain 0 (vcpu#0) crashed on cpu#0: (XEN) d 0xf000000007930080 domid 0 (XEN) vcpu 0xf000000007910000 vcpu 0 (XEN) (XEN) CPU 0 (XEN) psr : 00001212080a6010 ifs : 800000000000048c ip : [&lt;a00000010057f081&gt;] (XEN) ip is at ??? (XEN) unat: 0000000000000000 pfs : 800000000000048c rsc : 0000000000000008 (XEN) rnat: 0000000000000000 bsps: a000000100821410 pr : 0000000000016665 (XEN) ldrs: 0000000001b00000 ccv : 0000000000000000 fpsr: 0009804c0270033f (XEN) csd : 0000000000000000 ssd : 0000000000000000 (XEN) b0 : a00000010057f060 b6 : a00000010061a160 b7 : a00000010063fd60 (XEN) f6 : 1003e0000000000000000 f7 : 000000000000000000000 (XEN) f8 : 000000000000000000000 f9 : 000000000000000000000 (XEN) f10 : 000000000000000000000 f11 : 000000000000000000000 (XEN) r1 : a000000100c69320 r2 : a000000100a1de38 r3 : 0000000000000070 (XEN) r8 : 000000000000006f r9 : e0000001bbf29300 r10 : e0000001bc864000 (XEN) r11 : 1ffffffe4379bfff r12 : a000000100827b10 r13 : a000000100820000 (XEN) r14 : f0950600010000b9 r15 : a000000100821068 r16 : 0000000000000007 (XEN) r17 : 0000000000000000 r18 : a000000100a1de40 r19 : 0000000000000000 (XEN) r20 : a000000100a1de30 r21 : a000000100821054 r22 : 00000000053111cd (XEN) r23 : 0000000666bd02da r24 : ffffffff74549c57 r25 : 000000030cdf3c97 (XEN) r26 : e00000019abdf690 r27 : 000000009c570000 r28 : fffffffc3a7539bd (XEN) r29 : a000000100a6a4a8 r30 : fffffffbaec9d614 r31 : 000000000008133d (XEN) (XEN) Call Trace: (XEN) [&lt;f0000000040c0450&gt;] show_stack+0x80/0xa0 (XEN) sp=f000000007917ab0 bsp=f000000007911538 (XEN) [&lt;f00000000401f300&gt;] __domain_crash+0x100/0x140 (XEN) sp=f000000007917c80 bsp=f000000007911510 (XEN) [&lt;f00000000401f380&gt;] __domain_crash_synchronous+0x40/0xf0 (XEN) sp=f000000007917c80 bsp=f0000000079114e8 (XEN) [&lt;f000000004093fa0&gt;] panic_domain+0x160/0x170 (XEN) sp=f000000007917c80 bsp=f000000007911480 (XEN) [&lt;f00000000408d0a0&gt;] vcpu_itc_no_srlz+0x350/0x360 (XEN) sp=f000000007917dc0 bsp=f000000007911418 (XEN) [&lt;f000000004085f70&gt;] ia64_do_page_fault+0x160/0x650 (XEN) sp=f000000007917dc0 bsp=f000000007911380 (XEN) [&lt;f0000000040b9240&gt;] ia64_leave_kernel+0x0/0x300 (XEN) sp=f000000007917e00 bsp=f000000007911380 (XEN) (XEN) Call Trace: (XEN) [&lt;f0000000040c0450&gt;] show_stack+0x80/0xa0 (XEN) sp=f000000007917ab0 bsp=f000000007911538 (XEN) [&lt;f00000000401f310&gt;] __domain_crash+0x110/0x140 (XEN) sp=f000000007917c80 bsp=f000000007911510 (XEN) [&lt;f00000000401f380&gt;] __domain_crash_synchronous+0x40/0xf0 (XEN) sp=f000000007917c80 bsp=f0000000079114e8 (XEN) [&lt;f000000004093fa0&gt;] panic_domain+0x160/0x170 (XEN) sp=f000000007917c80 bsp=f000000007911480 (XEN) [&lt;f00000000408d0a0&gt;] vcpu_itc_no_srlz+0x350/0x360 (XEN) sp=f000000007917dc0 bsp=f000000007911418 (XEN) [&lt;f000000004085f70&gt;] ia64_do_page_fault+0x160/0x650 (XEN) sp=f000000007917dc0 bsp=f000000007911380 (XEN) [&lt;f0000000040b9240&gt;] ia64_leave_kernel+0x0/0x300 (XEN) sp=f000000007917e00 bsp=f000000007911380 (XEN) Domain 0 crashed: rebooting machine in 5 seconds. (XEN) priv_emulate: priv_handle_op fails, isr=0x20000000000 iip=4000000000002980 Version-Release number of selected component (if applicable): kernel-xen-2.6.18-194.2.1.el5 How reproducible: Steps to Reproduce: submit the job xml (see attachment, and MODIFY the submitter field) submit_job.py -S rhts.redhat.com -j kernel_tier1_rerun_ia64-panic.xml Actual results: kernel panic Expected results: pass the test Additional info: job link <a href="http://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=152572">http://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=152572</a> and this also happens on 2.6.18-194.el5 and 164.15.1.

Affected SoftwareAffected VersionHow to fix
Red Hat Linux kernel>=2.6.18-194.el5<=2.6.18-194.el5

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of REDHAT-BUG-586415?

    The severity of REDHAT-BUG-586415 is classified as moderate.

  • What issues does REDHAT-BUG-586415 address?

    REDHAT-BUG-586415 addresses issues related to the Red Hat Kernel affecting RHTS testing.

  • How do I fix REDHAT-BUG-586415?

    To fix REDHAT-BUG-586415, update the Red Hat Kernel to a version later than 2.6.18-194.el5.

  • Which versions of Red Hat Kernel are affected by REDHAT-BUG-586415?

    REDHAT-BUG-586415 affects Red Hat Kernel version 2.6.18-194.el5 and earlier.

  • Is there a workaround for REDHAT-BUG-586415?

    Currently, there is no specified workaround for REDHAT-BUG-586415 other than upgrading the kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203