Candidate: CVE-2010-4243
Description: mm: mem allocated invisible to oom_kill() when not attached to any threads
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=625688#c0
Notes:
 Quoting Eugene Teo from RH on oss-security:
 > This is the OOM dodging issue that can be triggered with Brad's
 > reproducer at http://grsecurity.net/~spender/64bit_dos.c. Written
 > in the comments: "The second bug here is that the memory usage explodes
 > within the kernel from a single 128k allocation in userland. The
 > explosion of memory isn't accounted for by any task so it won't be
 > terminated by the OOM killer."
Bugs:
upstream: released (2.6.37-rc5) [3c77f84, 114279be2120a916e8a04feeb2ac976a10016f2f]
2.6.32-upstream-stable: released (2.6.32.37)
linux-2.6: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]
2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/exec-make-argv-envp-memory-visible-to-oom-killer.patch, bugfix/all/exec-copy-and-paste-the-fixes-into-compat_do_execve-paths.patch]