CVE-2010-2240

CVE Details

Release Date:

2010-09-03

Description

The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

See more information about CVE-2010-2240 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score:	7.2	Base Metrics:	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector:	Local network	Attack Complexity:	Low
Authentication:	None required	Confidentiality Impact:	Complete
Integrity Impact:	Complete	Availability Impact:	Complete

Errata information

Platform	Errata	Release Date
Oracle Enterprise Linux version 4 (kernel)	ELSA-2010-0676	2010-09-07
Oracle Enterprise Linux version 4 (ocfs2-2.6.9-89.0.29.0.1.EL)	ELSA-2010-0676	2010-09-07
Oracle Enterprise Linux version 4 (oracleasm-2.6.9-89.0.29.0.1.EL)	ELSA-2010-0676	2010-09-07
Oracle Linux version 5 (kernel)	ELSA-2010-0661	2010-08-31
Oracle Linux version 5 (ocfs2-2.6.18-194.11.3.0.1.el5)	ELSA-2010-0661	2010-08-31
Oracle Linux version 5 (oracleasm-2.6.18-194.11.3.0.1.el5)	ELSA-2010-0661	2010-08-31

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team