CVE-2010-3865

CWE-190 — Integer Overflow CWE-119 — Buffer Overflow15 documents7 sources

Severity

7.2HIGH

EPSS

0.1%

top 78.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Opensuse Opensuse Suse Linux Enterprise High Availability Extension +1 more

Timeline

PublishedJan 11

Latest updateMay 13

Description

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.36

▶NVDsuse/linux_enterprise_real_time11

▶NVDsuse/linux_enterprise_high_availability_extension11

▶NVDopensuse/opensuse11.2, 11.3+1

Patches

Patch: www.spinics.net ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

GHSA

GHSA-qm3q-m933-m78g: Integer overflow in the rds_rdma_pages function in net/rds/rdma↗2022-05-13

▶

CVEList

CVE-2010-3865: Integer overflow in the rds_rdma_pages function in net/rds/rdma↗2011-01-11

▶

📋Vendor Advisories

Microsoft

CVE-2010-3865: NIST NVD Details: https://nvd↗2020-09-08

▶

Ubuntu

Linux kernel (Maverick backport) vulnerabilities↗2011-08-09

▶

Ubuntu

Linux kernel vulnerabilities (i.MX51)↗2011-07-06

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

💬Community

Bugzilla

CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c↗2010-10-28

▶