⚠ Actively exploited
Added to CISA KEV on 2023-05-12. Federal agencies required to patch by 2023-06-02. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2010-3904Improper Validation of Specified Quantity in Input in Kernel

CWE-1284Improper Validation of Specified Quantity in InputCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation19 documents10 sources
Severity
7.8HIGHNVD
EPSS
1.6%
top 18.40%
CISA KEV
KEV
Added 2023-05-12
Due 2023-06-02
Exploit
Exploited in wild
Active exploitation observed
Affected products
8
Linux KernelCanonical Ubuntu LinuxOpensuse+5 more
Timeline
PublishedDec 6
KEV addedMay 12
KEV dueJun 2
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel< 2.6.36
NVDvmware/esxi4 versions+3

Also affects: Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10, Enterprise Linux 5.0, 6.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-92x6-4gf8-7hcj: The rds_page_copy_user function in net/rds/page2022-05-13
CVEList
CVE-2010-3904: The rds_page_copy_user function in net/rds/page2010-12-06
VulnCheck
Linux Kernel Improper Input Validation Vulnerability2010

💥Exploits & PoCs

3
Exploit-DB
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)2018-05-21
Exploit-DB
Linux Kernel 2.6.36-rc8 - 'RDS Protocol' Local Privilege Escalation2010-10-19
Metasploit
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation

📋Vendor Advisories

8
CISA
Linux Kernel Improper Input Validation Vulnerability2023-05-12
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-04-20
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)2011-03-25
Ubuntu
Linux kernel vulnerabilities2011-03-03
Ubuntu
Linux kernel vulnerabilities2011-02-28

💬Community

4
Bugzilla
CVE-2011-1023 kernel: BUG_ON() in rds_send_xmit()2011-02-25
Bugzilla
CVE-2010-3904 kernel: Linux RDS Protocol Local Privilege Escalation2010-10-21
Bugzilla
CVE-2010-3904 kernel: Linux RDS Protocol Local Privilege Escalation2010-10-21
Bugzilla
CVE-2010-3904 kernel: RDS sockets local privilege escalation2010-10-14
CVE-2010-3904 — Linux Kernel vulnerability | cvebase