CVE-2010-4249
First published: Wed Nov 24 2010(Updated: )
<a href="http://lkml.org/lkml/2010/11/23/395">http://lkml.org/lkml/2010/11/23/395</a> Reported by Vegard Nossum: "I found this program lying around on my laptop. It kills my box (2.6.35) instantly by consuming a lot of memory (allocated by the kernel, so the process doesn't get killed by the OOM killer). As far as I can tell, the memory isn't being freed when the program exits either. Maybe it will eventually get cleaned up the UNIX socket garbage collector thing, but in that case it doesn't get called quickly enough to save my machine at least." Reproducer: <a href="http://lkml.org/lkml/2010/11/23/395">http://lkml.org/lkml/2010/11/23/395</a> Partial fix: <a href="http://lkml.org/lkml/2010/11/23/450">http://lkml.org/lkml/2010/11/23/450</a> Remaining fix: <a href="http://marc.info/?l=linux-netdev&m=129059035929046&w=2">http://marc.info/?l=linux-netdev&m=129059035929046&w=2</a> From Eric Dumazet: "we can eat all LOWMEM memory before unix_gc() being called from unix_release_sock(). Moreover, the thread blocked in unix_gc() can consume huge amount of time to perform cleanup because of huge working set. One way to handle this is to have a sensible limit on unix_tot_inflight, tested from wait_for_unix_gc() and to force a call to unix_gc() if this limit is hit. This solves the OOM and also reduce overall latencies, and should not slowdown normal workloads." Acknowledgements: Red Hat would like to thank Vegard Nossum for reporting this issue.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | =2.6.37-rc2 | |
| Linux Linux kernel | =2.6.37-rc1 | |
| Linux Linux kernel | <2.6.37 | |
| Linux Linux kernel | =2.6.37 | |
| Fedoraproject Fedora | =13 | |
| debian/linux-2.6 | ||
| debian/user-mode-linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/11/24/2
- http://www.openwall.com/lists/oss-security/2010/11/24/10
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2
- http://marc.info/?l=linux-netdev&m=129059035929046&w=2
- http://www.securityfocus.com/bid/45037
- http://lkml.org/lkml/2010/11/23/450
- http://lkml.org/lkml/2010/11/25/8
- http://www.exploit-db.com/exploits/15622/
- https://bugzilla.redhat.com/show_bug.cgi?id=656756
- http://lkml.org/lkml/2010/11/23/395
- http://secunia.com/advisories/42354
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
- http://www.vupen.com/english/advisories/2010/3321
- http://secunia.com/advisories/42745
- http://www.redhat.com/support/errata/RHSA-2011-0162.html
- http://secunia.com/advisories/42963
- http://www.vupen.com/english/advisories/2011/0168
- http://secunia.com/advisories/42890
- http://www.redhat.com/support/errata/RHSA-2011-0007.html
- http://secunia.com/advisories/46397
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b
- http://marc.info/?l=linux-netdev&m=129059035929046&w=2
- https://launchpad.net/bugs/cve/CVE-2010-4249
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b
- http://thread.gmane.org/gmane.linux.network/179049/focus=179051
- http://www.spinics.net/lists/netdev/msg147946.html
- https://rhn.redhat.com/errata/RHSA-2011-0007.html
- https://rhn.redhat.com/errata/RHSA-2011-0162.html
- https://rhn.redhat.com/errata/RHSA-2011-0303.html
- https://rhn.redhat.com/errata/RHSA-2011-0330.html
- https://access.redhat.com/security/cve/CVE-2010-4249
- https://security-tracker.debian.org/tracker/CVE-2010-4249
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
- https://nvd.nist.gov/vuln/detail/CVE-2010-4249
- https://ubuntu.com/security/CVE-2010-4249
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4249
- agent/softwarecombine
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/event
- agent/description
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.37-rc2
- version/linux linux kernel/2.6.37-rc1
- version/linux linux kernel/2.6.37
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/13
- package-manager/debian