CVE-2010-2240
03.09.2010, 20:00
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 ≤ 2.6.27.51 |
| linux | linux_kernel | 2.6.32 |
| linux | linux_kernel | 2.6.32.1 |
| linux | linux_kernel | 2.6.32.2 |
| linux | linux_kernel | 2.6.32.3 |
| linux | linux_kernel | 2.6.32.4 |
| linux | linux_kernel | 2.6.32.5 |
| linux | linux_kernel | 2.6.32.6 |
| linux | linux_kernel | 2.6.32.7 |
| linux | linux_kernel | 2.6.32.8 |
| linux | linux_kernel | 2.6.32.9 |
| linux | linux_kernel | 2.6.32.10 |
| linux | linux_kernel | 2.6.32.11 |
| linux | linux_kernel | 2.6.32.12 |
| linux | linux_kernel | 2.6.32.13 |
| linux | linux_kernel | 2.6.32.14 |
| linux | linux_kernel | 2.6.32.15 |
| linux | linux_kernel | 2.6.32.16 |
| linux | linux_kernel | 2.6.32.17 |
| linux | linux_kernel | 2.6.32.18 |
| linux | linux_kernel | 2.6.34.1 |
| linux | linux_kernel | 2.6.34.2 |
| linux | linux_kernel | 2.6.34.3 |
| linux | linux_kernel | 2.6.35.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||||
| linux-ec2 |
| ||||||||||||
| linux-fsl-imx51 |
| ||||||||||||
| linux-mvl-dove |
| ||||||||||||
| linux-source-2.6.15 |
|
References