CVE-2010-3904
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 12, 2010
- Published Date
- December 06, 2010
- Last Updated
- February 07, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2023-05-12 00:00:00 UTC) Source
References
http://www.kb.cert.org/vuls/id/362983
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
http://www.ubuntu.com/usn/USN-1000-1
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://secunia.com/advisories/46397
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f
https://www.exploit-db.com/exploits/44677/
http://securitytracker.com/id?1024613
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=642896
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.vsecurity.com/resources/advisory/20101019-1/
http://www.redhat.com/support/errata/RHSA-2010-0792.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-05-12 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb | 2025-04-29 11:01:17 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
rds_rds_page_copy_user_priv_esc
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-3904