Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0623 to the following vulnerability: Name: CVE-2010-0623 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0623 Assigned: 20100211 Reference: MLIST:[oss-security] 20100211 Re: CVE request - kernel: futex: Handle user space corruption gracefully Reference: URL: http://www.openwall.com/lists/oss-security/2010/02/11/2 Reference: CONFIRM: http://bugzilla.kernel.org/show_bug.cgi?id=14256 Reference: CONFIRM: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc Reference: CONFIRM: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7 The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem.
This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. It was introduced by upstream commit 42d35d48c (v2.6.29-rc1~226).