CVE-2010-4243

{"id": "CVE-2010-4243", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-22T22:00:04.240", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c77f845722158206a7209c45ccddc264d19319c", "source": "secalert@redhat.com"}, {"url": "http://grsecurity.net/~spender/64bit_dos.c", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://lkml.org/lkml/2010/8/27/429", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lkml.org/lkml/2010/8/29/206", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lkml.org/lkml/2010/8/30/138", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lkml.org/lkml/2010/8/30/378", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2010/11/22/15", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2010/11/22/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42884", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/46397", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/15619", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/45004", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625688", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64700", "tags": ["VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an \"OOM dodging issue,\" a related issue to CVE-2010-3858."}, {"lang": "es", "value": "fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el \"OOM Killer\" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (2) entorno, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de la memoria) a trav\u00e9s de una llamada del sistema exec modificada. Tambi\u00e9n conocido como \"OOM dodging issue\". Relacionado con la vulnerabilidad CVE-2010-3858."}], "lastModified": "2023-02-13T04:28:22.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76630B45-B590-4651-972E-F938A83010C0", "versionEndExcluding": "2.6.37"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}