CVE-2010-3858
Published: 2010-11-30
Priority: P4 (20) · Severity: medium · CVSS 2.0 base score: 4.9
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Exploit: public PoC available (grsecurity 64bit_dos.c and Exploit-DB 15619, both in the references)
EPSS: 0.91% (55.6th percentile)
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
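The mechanism behind the description, as an added user-space model (not code from fs/exec.c or from any of the vendors quoted on this page): the exec copy loop accepts argv+envp up to max(ARG_MAX, RLIMIT_STACK/4), which with an unlimited stack rlimit on a 64-bit parent is no bound at all; when the new image is 32-bit its stack top sits below 4 GiB, so shifting an argument VMA of several GiB to end at that top wraps the start address unless the size is checked first. The constants (a fixed compat stack top, a 64 KiB mmap_min_addr), the helper names and the exact shape of the check are assumptions chosen to mirror the upstream fix referenced below (commit 1b528181), not copies of kernel code, and an LP64 host is assumed.

```c
/*
 * Added example, not kernel code: a user-space model of the arithmetic
 * behind CVE-2010-3858. Names, constants and the shape of the check are
 * assumptions that mirror the upstream fix, not copies of fs/exec.c.
 * Assumes an LP64 host so that unsigned long holds a 64-bit address.
 */
#include <errno.h>
#include <stdio.h>

#define ARG_MAX_BYTES   (128UL * 1024)   /* floor the copy loop always allows  */
#define RLIM_INFINITY   (~0UL)           /* Linux "unlimited" rlimit value     */
#define STACK_TOP_32    0xc0000000UL     /* assumed compat stack top, no ASLR  */
#define MMAP_MIN_ADDR   0x10000UL        /* assumed vm.mmap_min_addr (64 KiB)  */

/* Largest argv+envp the exec copy loop accepts, modelled on 2.6.3x
 * get_arg_page(): ARG_MAX unconditionally, and up to RLIMIT_STACK/4 beyond.
 * With RLIM_INFINITY there is effectively no cap at all. */
unsigned long arg_size_limit(unsigned long rlim_stack_cur)
{
    unsigned long quarter;

    if (rlim_stack_cur == RLIM_INFINITY)
        return RLIM_INFINITY;
    quarter = rlim_stack_cur / 4;
    return quarter > ARG_MAX_BYTES ? quarter : ARG_MAX_BYTES;
}

/* Start address the argument VMA gets if it is simply shifted so that it
 * ends at stack_top, with no size check: unsigned arithmetic, so a VMA
 * longer than stack_top wraps to an address far above the 32-bit top. */
unsigned long unchecked_new_stack_start(unsigned long vma_len,
                                        unsigned long stack_top)
{
    return stack_top - vma_len;
}

/* The bound that must hold before any shifting: the argument pages have to
 * fit strictly between mmap_min_addr and stack_top. Returns 0 when they do
 * and -ENOMEM (what exec would report to the caller) when they do not. */
int setup_arg_pages_check(unsigned long vma_len, unsigned long stack_top,
                          unsigned long mmap_min_addr)
{
    if (stack_top < mmap_min_addr)
        return -ENOMEM;
    if (vma_len >= stack_top - mmap_min_addr)
        return -ENOMEM;
    return 0;
}

int main(void)
{
    /* Constructed scenario: 64-bit parent under `ulimit -s unlimited`
     * execs a 32-bit image with 4 GiB of argv+envp. */
    unsigned long args = 4UL << 30;
    unsigned long start = unchecked_new_stack_start(args, STACK_TOP_32);

    printf("copy-loop cap with unlimited rlimit: %s\n",
           arg_size_limit(RLIM_INFINITY) == RLIM_INFINITY ? "none" : "capped");
    printf("unchecked VMA start: %#lx (wrapped above top %#lx: %s)\n",
           start, STACK_TOP_32, start > STACK_TOP_32 ? "yes" : "no");
    printf("checked, 4 GiB of args: %d (0 fits, %d refused)\n",
           setup_arg_pages_check(args, STACK_TOP_32, MMAP_MIN_ADDR), -ENOMEM);
    printf("checked, 128 KiB of args: %d\n",
           setup_arg_pages_check(ARG_MAX_BYTES, STACK_TOP_32, MMAP_MIN_ADDR));
    return 0;
}
```

Build with `cc -O2 -Wall model.c`. The model deliberately leaves out stack randomization and the exact compat top of a given kernel; the point it shows is that the size bound must be applied against the target image's stack top (the 32-bit one), not against the 64-bit parent's rlimit, which is why the fix refuses the exec with ENOMEM instead of letting the shift go ahead.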
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| linux | linux_kernel | < 2.6.37 | 2.6.37 |
| linux | linux_kernel | < 2.6.36 | 2.6.36 |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (CVSS 2.0) | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| vendor_redhat | 7.2 | HIGH | — |
| vendor_ubuntu | 7.2 | HIGH | — |
VMware
VMSA-2011-0012: VMware ESX third party updates for Service Console packages glibc and dhcp
vendor_vmware · 2011-10-12 · CVSS 4.7 · CVE-2010-0296 [MEDIUM]
a. ESX third party update for Service Console kernel This update takes the console OS kernel package to kernel-2.6.18-238.9.1 which resolves multiple security issues. The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CV
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu · 2011-09-13 · CVSS 2.1 · CVE-2011-1171 [LOW]
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)
vendor_ubuntu · 2011-03-25 · CVSS 7.2 · CVE-2010-2478 [HIGH]
Summary: An attacker could send crafted input to the kernel and cause it to
crash.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hutchings discovered that the ethtool interface did not correctly check
certain sizes. A local attacker could perform malicious ioctl calls that
could crash the system, leadin
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2011-03-03 · CVSS 4.7 · CVE-2009-4895 [MEDIUM]
Summary: Multiple kernel flaws.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2011-02-28 · CVSS 4.7 · CVE-2009-4895 [MEDIUM]
Summary: Multiple kernel flaws.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2011-02-25 · CVSS 4.7 · CVE-2009-4895 [MEDIUM]
Summary: Multiple kernel flaws.
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
leading to potential data loss. (CVE-2010-2066)
Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly
check file permissions. A local attacker could exploit this to read from
write-only files, leading to a loss of privacy. (CVE-2010-2226)
Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory
manager did not properly handle when applications grow stacks into adjacent
memory regi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2011-02-25 · CVSS 4.6 · CVE-2010-3699 [MEDIUM]
Summary: Multiple kernel flaws.
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Dan Jaco
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2011-01-10 · CVSS 7.1 · CVE-2010-3698 [HIGH]
Summary: Multiple security flaws in Linux kernel.
Louis Rilling and Matthieu Fertré reported a use after free error in the
Linux kernel's futex_wait function. A local user could exploit this flaw to
cause a denial of service (system crash) or possibly gain privileges via a
specially crafted application. (CVE-2014-0205)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Dan Rosenberg discovered that the btrfs filesystem did not correctly
validate permissions when using the clone function. A local attacker could
overwrite the contents of file handles that were o
Red Hat
kernel: setup_arg_pages: diagnose excessive argument size
vendor_redhat · 2010-08-13 · CVSS 7.2 · CVE-2010-3858 [HIGH]
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 as they did not backport the upstream commit b6a2fea3 that introduced the issue. This was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html and
https://rhn.redhat.com/
Red Hat
kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
vendor_redhat · 2010-08-13 · CVSS 4.9 · CVE-2010-4243 [MEDIUM]
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
GHSA
GHSA-j2mv-rmhw-vq9m: The setup_arg_pages function in fs/exec
ghsa_unreviewed · 2022-05-13 · CVSS 7.2 · CVE-2010-3858 [HIGH] · CWE-400
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
GHSA
GHSA-rj5f-f43f-cfhc: fs/exec
ghsa_unreviewed · 2022-05-13 · CVSS 4.9 · CVE-2010-4243 [MEDIUM] · CWE-400
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
No detection rules found.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b528181b2ffa14721fb28ad1bd539fe1732c583
http://grsecurity.net/~spender/64bit_dos.c
http://secunia.com/advisories/42758
http://secunia.com/advisories/42789
http://secunia.com/advisories/46397
http://www.debian.org/security/2010/dsa-2126
http://www.exploit-db.com/exploits/15619
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.mandriva.com/security/advisories?name=MDVSA-2010:257
http://www.openwall.com/lists/oss-security/2010/10/21/1
http://www.openwall.com/lists/oss-security/2010/10/22/4
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0004.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/44301
http://www.ubuntu.com/usn/USN-1041-1
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2011/0024
http://www.vupen.com/english/advisories/2011/0070
https://bugzilla.redhat.com/show_bug.cgi?id=645222