{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/11/22/6"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "RHSA-2011:0017", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"}, {"name": "linux-kernel-execve-dos(64700)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2010/8/30/378"}, {"name": "15619", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/15619"}, {"name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"}, {"name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/11/22/15"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "42884", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42884"}, {"name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2010/8/27/429"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2010/8/30/138"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"}, {"tags": ["x_refsource_MISC"], "url": "http://grsecurity.net/~spender/64bit_dos.c"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2010/8/29/206"}, {"name": "45004", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45004"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.819Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20101122 CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/11/22/6"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "RHSA-2011:0017", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"}, {"name": "linux-kernel-execve-dos(64700)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2010/8/30/378"}, {"name": "15619", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/15619"}, {"name": "[linux-kernel] 20101130 [PATCH 1/2] exec: make argv/envp memory visible to oom-killer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"}, {"name": "[oss-security] 20101122 Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/11/22/15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "42884", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42884"}, {"name": "[linux-kernel] 20100827 [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2010/8/27/429"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2010/8/30/138"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://grsecurity.net/~spender/64bit_dos.c"}, {"name": "[linux-kernel] 20100830 Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2010/8/29/206"}, {"name": "45004", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45004"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4243", "datePublished": "2011-01-22T21:00:00", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.819Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76630B45-B590-4651-972E-F938A83010C0", "versionEndExcluding": "2.6.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."}, {"lang": "es", "value": "fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el \"OOM Killer\" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de la memoria) a trav\u00e9s de una llamada del sistema exec modificada. Tambi\u00e9n conocido como \"OOM dodging issue\". Relacionado con la vulnerabilidad CVE-2010-3858."}], "id": "CVE-2010-4243", "lastModified": "2024-11-21T01:20:31.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-22T22:00:04.240", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://grsecurity.net/~spender/64bit_dos.c"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/27/429"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/29/206"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/30/138"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/30/378"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/11/22/15"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/11/22/6"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42884"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/46397"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/15619"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45004"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"}, {"source": "secalert@redhat.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://grsecurity.net/~spender/64bit_dos.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/27/429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/29/206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/30/138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lkml.org/lkml/2010/8/30/378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/11/22/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2010/11/22/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/46397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/15619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Brad Spengler for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:0017", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-238.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-01-13T00:00:00Z"}, {"advisory": "RHSA-2011:0283", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-71.18.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-02-22T00:00:00Z"}, {"advisory": "RHSA-2011:1253", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:2.6.33.9-rt31.75.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2011-09-12T00:00:00Z"}], "bugzilla": {"description": "kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads", "id": "625688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."], "name": "CVE-2010-4243", "public_date": "2010-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4243\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4243"], "threat_severity": "Moderate"}