CVE-2010-4243

Linux Kernel < 2.6.37 - Denial of Service via Stack Memory OOM Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4243. PoCs published by Roland McGrath.

AI-analyzed exploit summary This exploit leverages a kernel bug in 64-bit Linux systems where 32-bit applications are incorrectly allowed excessive stack growth, leading to a kernel BUG() crash. The PoC allocates a large stack and spawns /bin/sh with an excessive argument list to trigger the vulnerability.

Description

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Exploits (1)

exploitdb WORKING POC

by Roland McGrath · cdoslinux

https://www.exploit-db.com/exploits/15619

View Code ZIP pw:eip

This exploit leverages a kernel bug in 64-bit Linux systems where 32-bit applications are incorrectly allowed excessive stack growth, leading to a kernel BUG() crash. The PoC allocates a large stack and spawns /bin/sh with an excessive argument list to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux Kernel (64-bit systems with 32-bit applications)

No auth needed

Prerequisites: 64-bit Linux system · 32-bit application execution environment · ulimit -s unlimited

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (19)

Core 19

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/11/22/6

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0017.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/46397

Broken Link x_refsource_confirm

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=625688

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/64700

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://lkml.org/lkml/2010/8/30/378

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15619

Broken Link mailing-list x_refsource_mlist

http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/11/22/15

Third Party Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42884

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://lkml.org/lkml/2010/8/27/429

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://lkml.org/lkml/2010/8/30/138

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c

Broken Link x_refsource_misc

http://grsecurity.net/~spender/64bit_dos.c

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://lkml.org/lkml/2010/8/29/206

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45004

Scores

EPSS 0.0091

EPSS Percentile 55.1%

Details

CWE

CWE-400

Status published

Products (1)

linux/linux_kernel < 2.6.37

Published Jan 22, 2011

Tracked Since Feb 18, 2026