CVE-2010-3904

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.13 % (49th)
Affected Products 8
Advisories 27
NVD Status Analyzed

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Weaknesses
CWE-1284
Improper Validation of Specified Quantity in Input
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Canonical Ltd.
Published Date
2010-12-06 20:13:00
(13 years ago)
Updated Date
2024-06-27 19:23:03
(2 months ago)
Linux Kernel Improper Input Validation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904
Vendor
Linux
Product
Kernel
In CISA Catalog from
2023-05-12
(16 months ago)
Due Date
2023-06-02
(15 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Linux Kernel prior 2.6.36 version | cpe:2.3:o:linux:linux_kernel | | < 2.6.36

Configuration #2

  Product | CPE23 | From | Up To
  Opensuse 11.2 | cpe:2.3:o:opensuse:opensuse:11.2 | |
  Opensuse 11.3 | cpe:2.3:o:opensuse:opensuse:11.3 | |
  Suse Linux Enterprise Desktop 11 SP1 | cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1 | |
  Suse Linux Enterprise Real Time Extension 11 SP1 | cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1 | |
  Suse Linux Enterprise Server 11 SP1 | cpe:2.3:o:suse:linux_enterprise_server:11:sp1 | |

Configuration #3

  Product | CPE23 | From | Up To
  Canonical Ubuntu Linux 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06 | |
  Canonical Ubuntu Linux 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:- | |
  Canonical Ubuntu Linux 9.04 | cpe:2.3:o:canonical:ubuntu_linux:9.04 | |
  Canonical Ubuntu Linux 9.10 | cpe:2.3:o:canonical:ubuntu_linux:9.10 | |
  Canonical Ubuntu Linux 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:- | |
  Canonical Ubuntu Linux 10.10 | cpe:2.3:o:canonical:ubuntu_linux:10.10 | |

Configuration #4

  Product | CPE23 | From | Up To
  Redhat Enterprise Linux 5.0 | cpe:2.3:o:redhat:enterprise_linux:5.0 | |
  Redhat Enterprise Linux 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0 | |

Configuration #5

  Product | CPE23 | From | Up To
  Vmware Esxi 3.5 | cpe:2.3:o:vmware:esxi:3.5 | |
  Vmware Esxi 4.0 | cpe:2.3:o:vmware:esxi:4.0 | |
  Vmware Esxi 4.1 | cpe:2.3:o:vmware:esxi:4.1 | |
  Vmware Esxi 5.0 | cpe:2.3:o:vmware:esxi:5.0 | |