CVE-2010-3904

high-risk
Published 2010-12-06

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Do I need to act?

~
1.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
2 public exploits available
44677, 15285
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (18)

Affected Vendors

Vmware Linux Opensuse Canonical Redhat Suse

References (39)

Broken Link http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=...
Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
Exploit http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_p...
Broken Link http://secunia.com/advisories/46397
Broken Link http://securitytracker.com/id?1024613
Third Party Advisory http://www.kb.cert.org/vuls/id/362983
Broken Link http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
Broken Link http://www.redhat.com/support/errata/RHSA-2010-0792.html
Broken Link http://www.redhat.com/support/errata/RHSA-2010-0842.html
Broken Link http://www.securityfocus.com/archive/1/520102/100/0/threaded
Third Party Advisory http://www.ubuntu.com/usn/USN-1000-1
Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Broken Link http://www.vsecurity.com/download/tools/linux-rds-exploit.c
Broken Link http://www.vsecurity.com/resources/advisory/20101019-1/
Broken Link http://www.vupen.com/english/advisories/2011/0298
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=642896
Exploit https://www.exploit-db.com/exploits/44677/
Broken Link http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=...
and 19 more references
61
/ 100
high-risk
Severity 24/34 · High
Exploitability 18/34 · Moderate
Exposure 19/34 · Moderate