CVE-2010-4243
Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el "OOM Killer" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegación de servicio (consumo de la memoria) a través de una llamada del sistema exec modificada. También conocido como "OOM dodging issue". Relacionado con la vulnerabilidad CVE-2010-3858.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-16 CVE Reserved
- 2010-11-26 First Exploit
- 2011-01-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c | X_refsource_confirm | |
| http://grsecurity.net/~spender/64bit_dos.c | Broken Link | |
| http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html | Broken Link | |
| http://lkml.org/lkml/2010/8/30/378 | Mailing List | |
| http://openwall.com/lists/oss-security/2010/11/22/15 | Mailing List | |
| http://openwall.com/lists/oss-security/2010/11/22/6 | Mailing List | |
| http://secunia.com/advisories/42884 | Third Party Advisory | |
| http://secunia.com/advisories/46397 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 | Broken Link | |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/45004 | Third Party Advisory | |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64700 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/15619 | 2010-11-26 | |
| http://www.exploit-db.com/exploits/15619 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://lkml.org/lkml/2010/8/27/429 | 2023-02-13 | |
| http://lkml.org/lkml/2010/8/29/206 | 2023-02-13 | |
| http://lkml.org/lkml/2010/8/30/138 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-0017.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=625688 | 2011-09-12 | |
| https://access.redhat.com/security/cve/CVE-2010-4243 | 2011-09-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37" | - |
Affected
| ||||||