Originally, the CVE-2010-4250 identifier has been assigned to the
following vulnerability:
Memory leak in the inotify_init() system call could, in some cases,
leak a group, allowing a local, unprivileged user to eventually cause
a denial of service.
References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4250
Later, it was found that relevant upstream commit:
a2ae4cc9a16e211c8a128ba10d22a85431f093ab, v2.6.37-rc5
did not properly address the issue / introduced a regression
(slab corruption by double free of user_struct in inotify_init1),
which could allow a local, unprivileged user to cause a denial of
service (kernel crash).
Comment 5Eugene Teo (Security Response)
2011-04-11 03:28:36 UTC