7.8
CVE-2010-3904
- EPSS 11.22%
- Veröffentlicht 06.12.2010 20:13:00
- Zuletzt bearbeitet 16.06.2026 23:23:47
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.36
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version11 Updatesp1
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Linux Version6.0
12.05.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Improper Input Validation Vulnerability
SchwachstelleLinux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
BeschreibungThe impacted product is end-of-life and should be disconnected if still in use.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.22% | 0.954 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
http://secunia.com/advisories/46397
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.ubuntu.com/usn/USN-1000-1
http://www.vupen.com/english/advisories/2011/0298
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
http://securitytracker.com/id?1024613
http://www.kb.cert.org/vuls/id/362983
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.vsecurity.com/resources/advisory/20101019-1/
https://bugzilla.redhat.com/show_bug.cgi?id=642896
https://www.exploit-db.com/exploits/44677/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904