CVE-2010-3858
Published: 30 November 2010
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
From the Ubuntu security team
Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service.
Priority
Medium
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
- https://ubuntu.com/security/notices/USN-1041-1
- https://ubuntu.com/security/notices/USN-1072-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1202-1
- NVD
- Launchpad
- Debian