CVE-2010-4243
Published: 22 January 2011
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
From the Ubuntu security team
Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Released
(2.6.32-32.62)
|
|
| maverick |
Released
(2.6.35-25.43)
|
|
| natty |
Released
(2.6.37-9.22)
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Released
(2.6.32-316.30)
|
|
| maverick |
Ignored
(binary supplied by "linux" now)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(reached end-of-life)
|
|
| lucid |
Released
(2.6.31-610.27)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(2.6.35-25.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(2.6.38-1.27~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(abandonded branch)
|
|
| lucid |
Released
(2.6.32-217.34)
|
|
| maverick |
Released
(2.6.32-417.34)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.37~rc5)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.23)
|
|
| natty |
Not vulnerable
(2.6.38-1201.2)
|
|
| upstream |
Released
(2.6.37~rc5)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
- https://ubuntu.com/security/notices/USN-1141-1
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1054-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1204-1
- NVD
- Launchpad
- Debian