The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.4.0 (including) | 2.4.26 (excluding) |
Linux_kernel | Linux | 2.6.0 (including) | 2.6.6 (excluding) |
Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-15.0.2.EL | * |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Kernel-source-2.4.27 | Ubuntu | dapper | * |
Kernel-source-2.4.27 | Ubuntu | edgy | * |