Medium severity 5.5 · NVD Advisory · Published May 17, 2012 · Updated Apr 29, 2026
CVE-2011-4097
Description
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
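As an added illustration (not code from the kernel or from this advisory), the C model below shows why an `int` accumulator fails at large page counts where a `long` one does not. It assumes the score is built by storing a page count in `points` and scaling it by 1000, a step the hunk on this page does not show; `to_int32`, `points_int`, `points_long` and `first_bad_pages` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define SCALE 1000 /* assumed scaling factor for this model */

/* Reduce a 64-bit value to what a 32-bit signed int would hold
 * (two's-complement wraparound, emulated without undefined behaviour). */
static int32_t to_int32(uint64_t v)
{
    int64_t low = (int64_t)(v & 0xffffffffu);
    if (low > INT32_MAX)
        low -= (int64_t)1 << 32;
    return (int32_t)low;
}

/* Accumulator declared as int: narrowed on assignment and after scaling. */
static int32_t points_int(uint64_t pages)
{
    int32_t points = to_int32(pages);
    return to_int32((uint64_t)((int64_t)points * SCALE));
}

/* Accumulator declared as long on a 64-bit platform. */
static int64_t points_long(uint64_t pages)
{
    return (int64_t)pages * SCALE;
}

/* Smallest page count whose scaled value no longer fits in an int
 * (roughly 8 GiB of memory if pages are 4 KiB, an assumption). */
static uint64_t first_bad_pages(void)
{
    return (uint64_t)INT32_MAX / SCALE + 1;
}

int main(void)
{
    /* Constructed sample page counts, not measurements. */
    const uint64_t samples[] = { 1000000, first_bad_pages() - 1,
                                 first_bad_pages(), 3000000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("pages=%llu int=%d long=%lld\n",
               (unsigned long long)samples[i],
               (int)points_int(samples[i]),
               (long long)points_long(samples[i]));
    return 0;
}
```

A negative value in the `int` column is the symptom: a task using the most memory no longer gets the highest score.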
Affected products (2)
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Patches
56c6a8a4aadc · oom: fix integer overflow of points in oom_badness
1 file changed · +1 −1
mm/oom_kill.c+1 −1 modified@@ -162,7 +162,7 @@ static bool oom_unkillable_task(struct task_struct *p, unsigned int oom_badness(struct task_struct *p, struct mem_cgroup *mem, const nodemask_t *nodemask, unsigned long totalpages) { - int points; + long points; if (oom_unkillable_task(p, mem, nodemask)) return 0;
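Review bot: at the `long points;` declaration the accumulator is widened, but the signature above it still reads `unsigned int oom_badness(...)`, so whatever `points` holds is narrowed again when it is returned. The return path is outside this hunk, so please confirm that `points` is clamped to a range that fits `unsigned int` before the final `return`. A one-line comment at the declaration saying that `points` must be as wide as the `unsigned long totalpages` page counts it is computed from would also keep a later cleanup from shrinking it back to `int`.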
References (4)
- www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 (nvd: Patch, Vendor Advisory)
- www.openwall.com/lists/oss-security/2011/11/01/2 (nvd: Exploit, Mailing List, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Exploit, Issue Tracking, Patch, Third Party Advisory)
- github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f (nvd: Exploit, Patch, Third Party Advisory)