7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
52.8%
The do_anonymous_page function in mm/memory.c in the Linux kernel before
2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and
2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap,
which allows context-dependent attackers to execute arbitrary code by
writing to the bottom page of a shared memory segment, as demonstrated by a
memory-exhaustion attack against the X.Org X server.
Author | Note |
---|---|
smb | There seem to be three follow-up patches upstream (one of them is not CCed to stable, but should be (gets fixed up actually)). |
jdstrand | caused regression in Xen on hardy |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | linux | < 2.6.24-28.75 | UNKNOWN |
ubuntu | 9.04 | noarch | linux | < 2.6.28-19.64 | UNKNOWN |
ubuntu | 9.10 | noarch | linux | < 2.6.31-22.63 | UNKNOWN |
ubuntu | 10.04 | noarch | linux | < 2.6.32-24.41 | UNKNOWN |
ubuntu | 10.10 | noarch | linux | < 2.6.35-16.22 | UNKNOWN |
ubuntu | 9.10 | noarch | linux-ec2 | < 2.6.31-307.17 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-308.15 | UNKNOWN |
ubuntu | 9.10 | noarch | linux-fsl-imx51 | < 2.6.31-112.30 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-fsl-imx51 | < 2.6.31-608.19 | UNKNOWN |
ubuntu | 9.10 | noarch | linux-mvl-dove | < 2.6.31-214.30 | UNKNOWN |
www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
launchpad.net/bugs/cve/CVE-2010-2240
nvd.nist.gov/vuln/detail/CVE-2010-2240
security-tracker.debian.org/tracker/CVE-2010-2240
ubuntu.com/security/notices/USN-1074-1
ubuntu.com/security/notices/USN-974-1
ubuntu.com/security/notices/USN-974-2
www.cve.org/CVERecord?id=CVE-2010-2240