CVE-2010-1148 - Vulnerability Details - OpenCVE

The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html
http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html
http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html
http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html
http://marc.info/?l=oss-security&m=127045754521927&w=2
http://marc.info/?l=oss-security&m=127045779122119&w=2
http://openwall.com/lists/oss-security/2010/04/06/2
http://secunia.com/advisories/39344
http://www.securityfocus.com/bid/39186
http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/
https://bugzilla.redhat.com/show_bug.cgi?id=579445
https://exchange.xforce.ibmcloud.com/vulnerabilities/57561
https://www.cve.org/CVERecord?id=CVE-2010-1148

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2010-1148

Thu, 22 May 2025 04:45:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2010-1148 https://www.cve.org/CVERecord?id=CVE-2010-1148

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-04-12T17:00:00

Updated: 2024-08-07T01:14:05.868Z

Reserved: 2010-03-29T00:00:00

Link: CVE-2010-1148

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-04-12T17:30:00.447

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1148

Redhat

Severity : Moderate

Publid Date: 2010-04-02T00:00:00Z

Links: CVE-2010-1148 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/04/06/2"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html"}, {"name": "linux-kernel-cifscreate-dos(57561)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57561"}, {"name": "[linux-cifs-client] 20100404 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html"}, {"name": "39186", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39186"}, {"tags": ["x_refsource_MISC"], "url": "http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/"}, {"name": "39344", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39344"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579445"}, {"name": "[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127045779122119&w=2"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html"}, {"name": "[oss-security] 20100405 CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127045754521927&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:14:05.868Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/04/06/2"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html"}, {"name": "linux-kernel-cifscreate-dos(57561)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57561"}, {"name": "[linux-cifs-client] 20100404 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html"}, {"name": "39186", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39186"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/"}, {"name": "39344", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39344"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579445"}, {"name": "[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127045779122119&w=2"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html"}, {"name": "[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html"}, {"name": "[oss-security] 20100405 CVE request: kernel: cifs: cifs_create() NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127045754521927&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1148", "datePublished": "2010-04-12T17:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:05.868Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48803959-D315-4365-A7B2-29AF4AAD950A", "versionEndIncluding": "2.6.33.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions."}, {"lang": "es", "value": "La funci\u00f3n cifs_create en fs/cifs/dir.c en el kernel de Linux v2.6.33.2 y anteriores permite a usuarios locales causar una denegaci\u00f3n de servicio (referencias de puntero nulo y OOPS) o posiblemente tener un impacto no especificado a trav\u00e9s de un campo nameidata NULL (tambien llamado nd) en una solicitud de creaci\u00f3n de archivos POSIX a un servidor que soporta extensiones UNIX."}], "id": "CVE-2010-1148", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-04-12T17:30:00.447", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=oss-security&m=127045754521927&w=2"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=oss-security&m=127045779122119&w=2"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/04/06/2"}, {"source": "[email protected]", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/39344"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/39186"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579445"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005741.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005742.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005746.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lists.samba.org/archive/linux-cifs-client/2010-April/005757.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=oss-security&m=127045754521927&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=oss-security&m=127045779122119&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/04/06/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/39344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/39186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57561"}], "sourceIdentifier": "[email protected]", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for POSIX opens on lookup.", "lastModified": "2010-04-30T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}