Denial of Service Vulnerability in Linux Kernel's setup_arg_pages Function

Denial of Service Vulnerability in Linux Kernel's setup_arg_pages Function

CVE-2010-3858 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.