CVE-2010-3904
Last modified
CVE-2010-3904 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.. CISA has confirmed active exploitation in the wild. EPSS estimates a 11.22% chance of exploitation in the next 30 days.
Description
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | < 2.6.36 | — |
| Opensuse | Opensuse | 11.2 | — |
| Opensuse | Opensuse | 11.3 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp1 |
| Suse | Linux Enterprise Real Time Extension | 11 | Sp1 |
| Suse | Linux Enterprise Server | 11 | Sp1 |
| Canonical | Ubuntu Linux | 6.06 | — |
| Canonical | Ubuntu Linux | 8.04 | — |
| Canonical | Ubuntu Linux | 9.04 | — |
| Canonical | Ubuntu Linux | 9.10 | — |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 10.10 | — |
| Redhat | Enterprise Linux | 5.0 | — |
| Redhat | Enterprise Linux | 6.0 | — |
| Vmware | Esxi | 3.5 | — |
| Vmware | Esxi | 4.0 | — |
| Vmware | Esxi | 4.1 | — |
| Vmware | Esxi | 5.0 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
- http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
- http://secunia.com/advisories/46397Broken Link, Third Party Advisory
- http://securitytracker.com/id?1024613Broken Link, Third Party Advisory, VDB Entry
- http://www.kb.cert.org/vuls/id/362983Third Party Advisory, US Government Resource
- http://www.redhat.com/support/errata/RHSA-2010-0792.htmlBroken Link, Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0842.htmlBroken Link, Third Party Advisory
- http://www.securityfocus.com/archive/1/520102/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
- http://www.vupen.com/english/advisories/2011/0298Broken Link, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=642896Issue Tracking, Patch, Third Party Advisory
- https://www.exploit-db.com/exploits/44677/Exploit, Third Party Advisory, VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
- http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
- http://secunia.com/advisories/46397Broken Link, Third Party Advisory
- http://securitytracker.com/id?1024613Broken Link, Third Party Advisory, VDB Entry
- http://www.kb.cert.org/vuls/id/362983Third Party Advisory, US Government Resource
- http://www.redhat.com/support/errata/RHSA-2010-0792.htmlBroken Link, Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0842.htmlBroken Link, Third Party Advisory
- http://www.securityfocus.com/archive/1/520102/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-1000-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
- http://www.vupen.com/english/advisories/2011/0298Broken Link, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=642896Issue Tracking, Patch, Third Party Advisory
- https://www.exploit-db.com/exploits/44677/Exploit, Third Party Advisory, VDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3904US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2010-3904?
How severe is CVE-2010-3904?
How do I fix CVE-2010-3904?
Are you affected by CVE-2010-3904?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST