High severity7.8CISA KEVNVD Advisory· Published Dec 6, 2010· Updated Apr 21, 2026

CVE-2010-3904

Description

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Affected products

Canonical (company)/Ubuntu Linux6 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 5 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <2.6.36
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Real Time Extension
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
VMware/Esxi4 versions
cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/44677/nvdExploitThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/46397nvdBroken LinkThird Party Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.kb.cert.org/vuls/id/362983nvdThird Party AdvisoryUS Government Resource
www.redhat.com/support/errata/RHSA-2010-0792.htmlnvdBroken LinkThird Party Advisory
www.redhat.com/support/errata/RHSA-2010-0842.htmlnvdBroken LinkThird Party Advisory
www.securityfocus.com/archive/1/520102/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1000-1nvdThird Party Advisory
www.vmware.com/security/advisories/VMSA-2011-0012.htmlnvdThird Party Advisory
www.vupen.com/english/advisories/2011/0298nvdBroken LinkThird Party Advisory
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36nvdBroken Link
www.vsecurity.com/download/tools/linux-rds-exploit.cnvdBroken Link
www.vsecurity.com/resources/advisory/20101019-1/nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.002
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000