CVE-2010-3904
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 12, 2010
- Published Date
- December 06, 2010
- Last Updated
- February 07, 2025
- Vendor
- Linux
- Product
- Linux Kernel
- Description
- The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2023-05-12 00:00:00 UTC) Source
linux
cisa
metasploit_scanner
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.kb.cert.org/vuls/id/362983
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.ubuntu.com/usn/USN-1000-1
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://secunia.com/advisories/46397
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
https://www.exploit-db.com/exploits/44677/
http://securitytracker.com/id?1024613
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=642896
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-05-12 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb | 2025-04-29 11:01:17 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
rds_rds_page_copy_user_priv_esc
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-3904
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit