CVE-2010-4243
Published: 22 January 2011
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
From the Ubuntu security team
Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
Patches: Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3c77f845722158206a7209c45ccddc264d19319c Upstream: http://git.kernel.org/linus/114279be2120a916e8a04feeb2ac976a10016f2f |
||
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc5)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
- https://usn.ubuntu.com/usn/usn-1141-1
- https://usn.ubuntu.com/usn/usn-1083-1
- https://usn.ubuntu.com/usn/usn-1054-1
- https://usn.ubuntu.com/usn/usn-1162-1
- https://usn.ubuntu.com/usn/usn-1167-1
- https://usn.ubuntu.com/usn/usn-1159-1
- https://usn.ubuntu.com/usn/usn-1202-1
- https://usn.ubuntu.com/usn/usn-1204-1
- NVD
- Launchpad
- Debian