Vulnerability Details : CVE-2010-1148

The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.

Vulnerability category: Memory CorruptionDenial of service

Published 2010-04-12 17:30:00

Updated 2020-08-28 16:22:33

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-1148

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-1148

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:N/A:C	3.4	6.9	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2010-1148

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Assigned by: [email protected] (Primary)

Vendor statements for CVE-2010-1148

Red Hat 2010-04-30

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for POSIX opens on lookup.

References for CVE-2010-1148

http://marc.info/?l=oss-security&m=127045754521927&w=2

Mailing List;Third Party Advisory
http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html

Mailing List;Patch;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=579445

Issue Tracking;Patch;Third Party Advisory
http://marc.info/?l=oss-security&m=127045779122119&w=2

Mailing List;Third Party Advisory
http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html

Mailing List;Patch;Third Party Advisory
http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html

Mailing List;Patch;Third Party Advisory
http://openwall.com/lists/oss-security/2010/04/06/2

Mailing List;Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/57561

Third Party Advisory;VDB Entry
http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html

Mailing List;Patch;Third Party Advisory
http://www.securityfocus.com/bid/39186

Third Party Advisory;VDB Entry
http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/

Exploit;Third Party Advisory

Products affected by CVE-2010-1148

Linux » Linux Kernel
Versions up to, including, (<=) 2.6.33.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions