// For flags

CVE-2010-3865

kernel: iovec integer overflow in net/rds/rdma.c

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.

Desbordamiento de enteros en la función rds_rdma_pages en net/rds/rdma.c en el núcleo de Linux permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una estructura iovec manipulada en una petición Reliable Datagram Sockets (RDS), que provoca un desbordamiento de búfer.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-10-08 CVE Reserved
  • 2011-01-11 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (24)
URL Tag Source
http://secunia.com/advisories/42778 Third Party Advisory
http://secunia.com/advisories/42789 Third Party Advisory
http://secunia.com/advisories/42801 Third Party Advisory
http://secunia.com/advisories/42890 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/29/1 Mailing List
http://www.openwall.com/lists/oss-security/2010/11/01/1 Mailing List
http://www.securityfocus.com/archive/1/520102/100/0/threaded Mailing List
http://www.securityfocus.com/bid/44549 Third Party Advisory
http://www.spinics.net/lists/netdev/msg145397.html Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vupen.com/english/advisories/2011/0012 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0024 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62881 Third Party Advisory
URL Date SRC
URL Date SRC
http://www.spinics.net/lists/netdev/msg145359.html 2023-02-13
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0004.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0007.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3865 2011-01-11
https://bugzilla.redhat.com/show_bug.cgi?id=647416 2011-01-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.6.36
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.36"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 11.2
Search vendor "Opensuse" for product "Opensuse" and version "11.2"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 11.3
Search vendor "Opensuse" for product "Opensuse" and version "11.3"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise High Availability Extension
Search vendor "Suse" for product "Linux Enterprise High Availability Extension"
 11
Search vendor "Suse" for product "Linux Enterprise High Availability Extension" and version "11"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Real Time
Search vendor "Suse" for product "Linux Enterprise Real Time"
 11
Search vendor "Suse" for product "Linux Enterprise Real Time" and version "11"
sp1
Affected