FKIE_CVE-2010-4243

Vulnerability from fkie_nvd - Published: 2011-01-22 22:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
secalert@redhat.comhttp://grsecurity.net/~spender/64bit_dos.cBroken Link
secalert@redhat.comhttp://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.htmlBroken Link
secalert@redhat.comhttp://lkml.org/lkml/2010/8/27/429Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/29/206Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/30/138Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://lkml.org/lkml/2010/8/30/378Mailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/22/15Mailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/22/6Mailing List, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/42884Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/46397Third Party Advisory
secalert@redhat.comhttp://www.exploit-db.com/exploits/15619Exploit, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/45004Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=625688Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64700VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
af854a3a-2127-422b-91ae-364da2661108http://grsecurity.net/~spender/64bit_dos.cBroken Link
af854a3a-2127-422b-91ae-364da2661108http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/8/27/429Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/8/29/206Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/8/30/138Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/8/30/378Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2010/11/22/15Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2010/11/22/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42884Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46397Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/15619Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45004Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=625688Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64700VDB Entry
Impacted products
Vendor Product Version
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76630B45-B590-4651-972E-F938A83010C0",
              "versionEndExcluding": "2.6.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."
    },
    {
      "lang": "es",
      "value": "fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el \"OOM Killer\" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de la memoria) a trav\u00e9s de una llamada del sistema exec modificada. Tambi\u00e9n conocido como \"OOM dodging issue\". Relacionado con la vulnerabilidad CVE-2010-3858."
    }
  ],
  "id": "CVE-2010-4243",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-22T22:00:04.240",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://grsecurity.net/~spender/64bit_dos.c"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/27/429"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/29/206"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/30/138"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/30/378"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/22/15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/22/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15619"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45004"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://grsecurity.net/~spender/64bit_dos.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/27/429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/29/206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/30/138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/8/30/378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/22/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/15619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.