CVE-2010-4243

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
linuxlinux_kernel
𝑥
< 2.6.37
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
natty
Fixed 2.6.37-9.22
released
maverick
Fixed 2.6.35-25.43
released
lucid
Fixed 2.6.32-32.62
released
karmic
ignored
hardy
not-affected
dapper
dne
linux-ec2
natty
dne
maverick
ignored
lucid
Fixed 2.6.32-316.30
released
karmic
ignored
hardy
dne
dapper
dne
linux-fsl-imx51
natty
dne
maverick
dne
lucid
Fixed 2.6.31-610.27
released
karmic
ignored
hardy
dne
dapper
dne
linux-lts-backport-maverick
natty
dne
maverick
dne
lucid
Fixed 2.6.35-25.44~lucid1
released
karmic
dne
hardy
dne
dapper
dne
linux-lts-backport-natty
natty
dne
maverick
dne
lucid
not-affected
hardy
dne
linux-mvl-dove
natty
dne
maverick
Fixed 2.6.32-417.34
released
lucid
Fixed 2.6.32-217.34
released
karmic
ignored
hardy
dne
dapper
dne
linux-source-2.6.15
natty
dne
maverick
dne
lucid
dne
karmic
dne
hardy
dne
dapper
not-affected
linux-ti-omap4
natty
not-affected
maverick
Fixed 2.6.35-903.23
released
lucid
dne
karmic
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
http://grsecurity.net/~spender/64bit_dos.c
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://openwall.com/lists/oss-security/2010/11/22/15
http://openwall.com/lists/oss-security/2010/11/22/6
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.exploit-db.com/exploits/15619
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45004
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=625688
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c
http://grsecurity.net/~spender/64bit_dos.c
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://openwall.com/lists/oss-security/2010/11/22/15
http://openwall.com/lists/oss-security/2010/11/22/6
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
http://www.exploit-db.com/exploits/15619
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45004
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=625688
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700