CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2010-3904

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score36.6060%
EPSS Percentile91.15th
Published2010年12月6日
Last Modified2026年4月21日

Vulnerability Description

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Affected Platforms (CPE)

💻
Linux

Linux Kernel

< 2.6.36
💻
Opensuse

Opensuse

= 11.2
💻
Opensuse

Opensuse

= 11.3
💻
Suse

Linux Enterprise Desktop

= 11
💻
Suse

Linux Enterprise Real Time Extension

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 9.04
💻
Canonical

Ubuntu Linux

= 9.10
💻
Canonical

Ubuntu Linux

= 10.04
💻
Canonical

Ubuntu Linux

= 10.10
💻
Redhat

Enterprise Linux

= 5.0
💻
Redhat

Enterprise Linux

= 6.0
💻
Vmware

Esxi

= 3.5
💻
Vmware

Esxi

= 4.0
💻
Vmware

Esxi

= 4.1
💻
Vmware

Esxi

= 5.0

References & Advisories

🔗 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
🔗 http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
🔗 http://secunia.com/advisories/46397
🔗 http://securitytracker.com/id?1024613
🔗 http://www.kb.cert.org/vuls/id/362983

相關漏洞威脅

CVE-2000-074710.0

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and k...

CVE-2002-157210.0

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown imp...

CVE-2000-050610.0

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting th...

CVE-2002-157310.0

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and...