CVE-2010-4250

Linux Kernel < 2.6.37 - Denial of Service via inotify_init1 Memory Leak

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4250. PoCs published by Vegard Nossum.

AI-analyzed exploit summary This exploit triggers a local denial-of-service (DoS) in the Linux kernel by exhausting system resources. It bypasses the inotify instances limit by creating pipes until failure, then repeatedly calling inotify_init() to consume memory.

Description

Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Vegard Nossum · cdoslinux
https://www.exploit-db.com/exploits/35013

This exploit triggers a local denial-of-service (DoS) in the Linux kernel by exhausting system resources. It bypasses the inotify instances limit by creating pipes until failure, then repeatedly calling inotify_init() to consume memory.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Linux kernel (versions affected by CVE-2010-4250)
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.0076
EPSS Percentile 50.4%

Details

CWE
CWE-399
Status published
Products (4)
linux/linux_kernel 2.6.36.1
linux/linux_kernel 2.6.36.2
linux/linux_kernel 2.6.36.3
linux/linux_kernel < 2.6.36.4
Published Jun 21, 2012
Tracked Since Feb 18, 2026