Back to search
CVE-2010-3858
Published: Nov 30, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42789
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0024
vdb-entry
x_refsource_VUPEN
RHSA-2011:0004
vendor-advisory
x_refsource_REDHAT
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
mailing-list
x_refsource_BUGTRAQ
46397
third-party-advisory
x_refsource_SECUNIA
USN-1041-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20101021 CVE request: kernel: setup_arg_pages: diagnose excessive argument size
mailing-list
x_refsource_MLIST
RHSA-2010:0958
vendor-advisory
x_refsource_REDHAT
MDVSA-2010:257
vendor-advisory
x_refsource_MANDRIVA
15619
exploit
x_refsource_EXPLOIT-DB
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
x_refsource_CONFIRM
42758
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20101022 Re: CVE request: kernel: setup_arg_pages: diagnose excessive argument size
mailing-list
x_refsource_MLIST
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
x_refsource_CONFIRM
44301
vdb-entry
x_refsource_BID
http://grsecurity.net/~spender/64bit_dos.c
x_refsource_MISC
ADV-2011-0070
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=645222
x_refsource_CONFIRM
DSA-2126
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now