Vulnerability Details : CVE-2010-1087
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
Vulnerability category: Denial of service
Products affected by CVE-2010-1087
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1087
- 2.23%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1087
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
Vendor statements for CVE-2010-1087
- Red Hat, 2010-04-07: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1087 This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit 150030b7 that had introduced the problem. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
References for CVE-2010-1087
- http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 [Mailing List; Third Party Advisory]
- http://www.debian.org/security/2010/dsa-2053
  Debian -- Security Information -- DSA-2053-1 linux-2.6 [Third Party Advisory]
- http://secunia.com/advisories/40645
  [Third Party Advisory]
- http://secunia.com/advisories/43315
  [Third Party Advisory]
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=9f557cd8073104b39528794d44e129331ded649f
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  VMSA-2011-0003.2 [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10442
  Repository / Oval Repository [Third Party Advisory]
- http://www.vupen.com/english/advisories/2010/1857
  [Third Party Advisory]
- http://www.securityfocus.com/bid/39569
  Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability [Third Party Advisory; VDB Entry]
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9f557cd8073104b39528794d44e129331ded649f
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
  SecurityFocus [Third Party Advisory; VDB Entry]
- http://www.openwall.com/lists/oss-security/2010/03/03/1
  oss-security - CVE request: kernel: NFS: Fix an Oops when truncating a file [Mailing List; Patch; Third Party Advisory]
- http://secunia.com/advisories/39830
  [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=567184
  567184 – (CVE-2010-1087) CVE-2010-1087 kernel: NFS: Fix an Oops when truncating a file [Issue Tracking; Patch; Third Party Advisory]