Published: 03/09/2010 Updated: 13/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 643

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The do_anonymous_page function in mm/memory.c in the Linux kernel prior to 2.6.27.52, 2.6.32.x prior to 2.6.32.19, 2.6.34.x prior to 2.6.34.4, and 2.6.35.x prior to 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent malicious users to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.32.5
linux linux kernel 2.6.35.1
linux linux kernel 2.6.32.12
linux linux kernel 2.6.32.9
linux linux kernel 2.6.32
linux linux kernel 2.6.32.3
linux linux kernel 2.6.32.17
linux linux kernel 2.6.34.1
linux linux kernel 2.6.32.11
linux linux kernel
linux linux kernel 2.6.32.14
linux linux kernel 2.6.32.6
linux linux kernel 2.6.32.15
linux linux kernel 2.6.32.18
linux linux kernel 2.6.32.4
linux linux kernel 2.6.32.16
linux linux kernel 2.6.34.3
linux linux kernel 2.6.32.7
linux linux kernel 2.6.32.8
linux linux kernel 2.6.32.2
linux linux kernel 2.6.32.1
linux linux kernel 2.6.34.2
linux linux kernel 2.6.32.10
linux linux kernel 2.6.32.13

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointe ...

Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix one security issue are now available forRed Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues and three bugs are nowavailable for Red Hat Enterprise Linux 54 Extended Update SupportThe Red Hat Security Response Team has rated this update as ha ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues and severalbugs are now available for Red Hat Enterprise MRG 12The Red Hat Security Response Team has rated this update as havingimportant ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues and multiple bugs arenow available for Red Hat Enterprise Linux 53 Extended Update SupportThe Red Hat Security Response Team has rated this update as ...

Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix one security issue are now available forRed Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability ...

Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix one security issue are now available forRed Hat Enterprise Linux 47 Extended Update SupportThe Red Hat Security Response Team has rated this update as havingimportant security impac ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix two security issues and three bugs arenow available for Red Hat Enterprise MRG 12The Red Hat Security Response Team has rated this update as havingimportant securi ...

This update provides a fix for the Linux kernel when using Xen ...

Multiple kernel flaws ...

The Linux kernel could be made to crash or run programs as root ...

CWE-94 http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19 https://bugzilla.redhat.com/show_bug.cgi?id=606611 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2 https://rhn.redhat.com/errata/RHSA-2010-0661.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52 http://securitytracker.com/id?1024344 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 http://www.debian.org/security/2010/dsa-2094 http://www.redhat.com/support/errata/RHSA-2010-0660.html http://www.redhat.com/support/errata/RHSA-2010-0670.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.redhat.com/support/errata/RHSA-2010-0882.html http://www.vmware.com/security/advisories/VMSA-2011-0007.html http://lists.vmware.com/pipermail/security-announce/2011/000133.html http://www.vmware.com/security/advisories/VMSA-2011-0009.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247 http://www.securityfocus.com/archive/1/517739/100/0/threaded http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893 https://nvd.nist.gov https://www.debian.org/security/./dsa-2094 https://usn.ubuntu.com/974-2/

Get Started

CVE-2010-2240

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect