Vulnerability in N/a
CVE-2010-3904
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to g…
EPSS: 0.022 (84.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Public proof-of-concept exploits
References
- VU#362983 (x_refsource_CERT-VN, third-party-advisory)
- www.vsecurity.com/download/tools/linux-rds-exploit.c (x_refsource_MISC)
- USN-1000-1 (x_refsource_UBUNTU, vendor-advisory)
- 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ)
- 46397 (x_refsource_SECUNIA, third-party-advisory)
- git.kernel.org/ (x_refsource_CONFIRM)
- 44677 (exploit, x_refsource_EXPLOIT-DB)
- 1024613 (vdb-entry, x_refsource_SECTRACK)
- SUSE-SA:2011:007 (vendor-advisory, x_refsource_SUSE)
- RHSA-2010:0842 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2010-3904?
- CVE-2010-3904 is a vulnerability in N/a. Published 2010-12-06.
- Is CVE-2010-3904 known to be exploited?
- Yes. CVE-2010-3904 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-05-12), indicating it is being actively exploited. 126 public proof-of-concept repositories are indexed.