CVE-2010-0727
Description
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, do not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can crash a system by locking a file on GFS/GFS2 filesystems and then changing its permissions to setgid without group-execute.
Vulnerability
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in Red Hat Enterprise Linux (RHEL) 5 and 6, improperly handle POSIX locks on files that have the setgid bit set without group-execute permission. When a file's mode has S_ISGID set but S_IXGRP not set, the code returns -ENOLCK to indicate that mandatory locking is not supported, but fails to remove any existing POSIX lock on the file [1]. This leads to a kernel BUG at fs/locks.c:2080 when the lock is later processed [1].
Exploitation
An attacker must have local access to a system mounting a GFS or GFS2 filesystem. The attacker first acquires a POSIX lock on a file (e.g., using flock or fcntl). Then, the attacker changes the file's permissions to set the setgid bit without group-execute permission (e.g., chmod g+s,g-x file). This triggers the flawed code path, causing a kernel BUG and system crash [1].
Impact
Successful exploitation results in a denial of service (system crash) due to a kernel BUG. The attack is local and requires no elevated privileges beyond the ability to lock files and change permissions on the filesystem.
Mitigation
Red Hat released updates via RHSA-2010-0330, RHSA-2010-0521, and RHSA-2010-0380 for RHEL 5 and 6 [2][3][4]. The upstream fix is included in Linux kernel version 2.6.34-rc1-next-20100312. Users should apply the appropriate kernel update from their vendor.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- Range: 5, 6
- Range: < 2.6.34-rc1-next-20100312
References
- lkml.org/lkml/2010/3/11/269 (nvd: Patch, Third Party Advisory)
- www.openwall.com/lists/oss-security/2010/03/12/1 (nvd: Exploit, Mailing List, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Exploit, Issue Tracking, Patch, Third Party Advisory)
- secunia.com/advisories/39830 (nvd: Third Party Advisory)
- securitytracker.com/id (nvd: Third Party Advisory, VDB Entry)
- www.debian.org/security/2010/dsa-2053 (nvd: Third Party Advisory)
- www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 (nvd: Release Notes, Vendor Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0330.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0380.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0521.html (nvd: Third Party Advisory)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392 (nvd: Third Party Advisory)