CVE-2010-4243
Published: Jan 22, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console | mailing-list | x_refsource_BUGTRAQ |
| RHSA-2011:0017 | vendor-advisory | x_refsource_REDHAT |
| 46397 | third-party-advisory | x_refsource_SECUNIA |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 | | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=625688 | | x_refsource_CONFIRM |
| linux-kernel-execve-dos(64700) | vdb-entry | x_refsource_XF |
| [linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer | mailing-list | x_refsource_MLIST |
| 15619 | exploit | x_refsource_EXPLOIT-DB |
| [linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer | mailing-list | x_refsource_MLIST |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | | x_refsource_CONFIRM |
| 42884 | third-party-advisory | x_refsource_SECUNIA |
| [linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer | mailing-list | x_refsource_MLIST |
| [linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer | mailing-list | x_refsource_MLIST |
| http://grsecurity.net/~spender/64bit_dos.c | | x_refsource_MISC |
| [linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer | mailing-list | x_refsource_MLIST |
| 45004 | vdb-entry | x_refsource_BID |