Bug 628770 (CVE-2010-2954)
Summary: | CVE-2010-2954 kernel: NULL deref and panic in irda | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | arozansk, cebbert, davej, kmcmartin, lwang, maurizio.antillon, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-21 17:08:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 628771 | ||
Bug Blocks: |
Description
Eugene Teo (Security Response)
2010-08-31 02:02:34 UTC
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include support for the IrDA protocol. fix: [PATCH] irda: Correctly clean up self->ias_obj on irda_bind() failure. http://www.spinics.net/lists/netdev/msg139404.html In net-2.6.git: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff_plain;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257 Upstream commit: http://git.kernel.org/linus/628e300cccaa628d8fb92aa28cb7530a3d5f2257 This was corrected in Fedora via: kernel-2.6.34.7-56.fc13 kernel-2.6.35.4-28.fc14 |