CVE-2010-4243

Published: 22 January 2011

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

From the Ubuntu security team

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c
Upstream: http://git.kernel.org/linus/114279be2120a916e8a04feeb2ac976a10016f2f
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc5)