CVE-2010-4243

Linux Kernel < 2.6.37 - Denial of Service

Title source: rule

Description

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Exploits (1)

exploitdb WORKING POC

by Roland McGrath · cdoslinux

https://www.exploit-db.com/exploits/15619

View Code ZIP pw:eip

References (19)

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c

[Broken Link] http://grsecurity.net/~spender/64bit_dos.c

[Broken Link] http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html

[Mailing List, Patch, Third Party Advisory] http://lkml.org/lkml/2010/8/27/429

[Mailing List, Patch, Third Party Advisory] http://lkml.org/lkml/2010/8/29/206

[Mailing List, Patch, Third Party Advisory] http://lkml.org/lkml/2010/8/30/138

[Mailing List, Third Party Advisory] http://lkml.org/lkml/2010/8/30/378

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2010/11/22/15

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2010/11/22/6

[Third Party Advisory] http://secunia.com/advisories/42884

[Third Party Advisory] http://secunia.com/advisories/46397

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/15619

[Broken Link] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2011-0017.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520102/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45004

[Third Party Advisory] http://www.vmware.com/security/advisories/VMSA-2011-0012.html

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=625688

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64700

Scores

EPSS 0.0016

EPSS Percentile 36.3%

Details

CWE

CWE-400

Status published

Products (1)

linux/linux_kernel < 2.6.37

Published Jan 22, 2011

Tracked Since Feb 18, 2026