PT-2010-1049 · Linux+2 · Linux Kernel+3
Rafal Wojtczuk
Published: 2010-08-30 · Updated: 2023-02-13 · CVE-2010-2240
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 2.6.27.52
Linux kernel versions 2.6.32.x prior to 2.6.32.19
Linux kernel versions 2.6.34.x prior to 2.6.34.4
Linux kernel versions 2.6.35.x prior to 2.6.35.2
Red Hat Enterprise Linux kernel versions 2.4.21
Description
The issue is related to multiple vulnerabilities in the Linux kernel, which can be exploited remotely to disrupt the availability of protected information. The do_anonymous_page function in mm/memory.c does not properly separate the stack and the heap, allowing context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment.
Recommendations
For Linux kernel versions prior to 2.6.27.52, update to version 2.6.27.52 or later.
For Linux kernel versions 2.6.32.x prior to 2.6.32.19, update to version 2.6.32.19 or later.
For Linux kernel versions 2.6.34.x prior to 2.6.34.4, update to version 2.6.34.4 or later.
For Linux kernel versions 2.6.35.x prior to 2.6.35.2, update to version 2.6.35.2 or later.
For Red Hat Enterprise Linux kernel versions 2.4.21, consider upgrading to a newer version of the kernel.
At the moment, there is no information about a newer version that contains a fix for this vulnerability in Red Hat Enterprise Linux kernel versions 2.4.21.
Exploit
Fix
Improper Validation of Array Index
Code Injection
Related identifiers
Affected products
Linux Kernel
Red Hat
Red Hat Enterprise Linux Kernel
Suse