CVE-2010-4243

Published: 22 January 2011

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

From the Ubuntu security team

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c
Upstream: http://git.kernel.org/linus/114279be2120a916e8a04feeb2ac976a10016f2f
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc5)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading