// For flags

CVE-2010-4243

Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el "OOM Killer" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegación de servicio (consumo de la memoria) a través de una llamada del sistema exec modificada. También conocido como "OOM dodging issue". Relacionado con la vulnerabilidad CVE-2010-3858.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-11-16 CVE Reserved
  • 2010-11-26 First Exploit
  • 2011-01-22 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (21)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c X_refsource_confirm
http://grsecurity.net/~spender/64bit_dos.c Broken Link
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html Broken Link
http://lkml.org/lkml/2010/8/30/378 Mailing List
http://openwall.com/lists/oss-security/2010/11/22/15 Mailing List
http://openwall.com/lists/oss-security/2010/11/22/6 Mailing List
http://secunia.com/advisories/42884 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 Broken Link
http://www.securityfocus.com/archive/1/520102/100/0/threaded Mailing List
http://www.securityfocus.com/bid/45004 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700 Vdb Entry
URL Date SRC
https://www.exploit-db.com/exploits/15619 2010-11-26
http://www.exploit-db.com/exploits/15619 2024-08-07
URL Date SRC
http://lkml.org/lkml/2010/8/27/429 2023-02-13
http://lkml.org/lkml/2010/8/29/206 2023-02-13
http://lkml.org/lkml/2010/8/30/138 2023-02-13
URL Date SRC
http://www.redhat.com/support/errata/RHSA-2011-0017.html 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=625688 2011-09-12
https://access.redhat.com/security/cve/CVE-2010-4243 2011-09-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37"
-
Affected