Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4243

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Published

2011-01-22T22:00:04.240

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 2.6.37	Yes

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c ([email protected])
http://grsecurity.net/~spender/64bit_dos.c Broken Link ([email protected])
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html Broken Link ([email protected])
http://lkml.org/lkml/2010/8/27/429 Mailing List, Patch, Third Party Advisory ([email protected])
http://lkml.org/lkml/2010/8/29/206 Mailing List, Patch, Third Party Advisory ([email protected])
http://lkml.org/lkml/2010/8/30/138 Mailing List, Patch, Third Party Advisory ([email protected])
http://lkml.org/lkml/2010/8/30/378 Mailing List, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/15 Mailing List, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2010/11/22/6 Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/42884 Third Party Advisory ([email protected])
http://secunia.com/advisories/46397 Third Party Advisory ([email protected])
http://www.exploit-db.com/exploits/15619 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0017.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/45004 Third Party Advisory, VDB Entry ([email protected])
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=625688 Issue Tracking, Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700 VDB Entry ([email protected])
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c (af854a3a-2127-422b-91ae-364da2661108)
http://grsecurity.net/~spender/64bit_dos.c Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lkml.org/lkml/2010/8/27/429 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lkml.org/lkml/2010/8/29/206 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lkml.org/lkml/2010/8/30/138 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lkml.org/lkml/2010/8/30/378 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/15 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/11/22/6 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42884 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46397 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/15619 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0017.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45004 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=625688 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)