Vulnerability Name:

CVE-2010-3865 (CCN-62881)

Assigned: 2010-10-29
Published: 2010-10-29
Updated: 2023-02-13
Summary: Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.2 High (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.8 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-3865

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2011-0004
Important: kernel security, bug fix, and enhancement update

Source: CCN
Type: RHSA-2011-0007
Important: kernel security and bug fix update

Source: CCN
Type: SA46397
VMware ESX / ESXi Server Multiple Vulnerabilities

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 70375
Linux Kernel net/rds/rdma.c rds_rdma_pages Function RDS Request iovec Struct Local Overflow DoS

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: BID-44549
Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Integer Overflow Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 647416
kernel: iovec integer overflow in net/rds/rdma.c

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
kernel-rdsrdmapages-overflow(62881)

Source: SUSE
Type: SUSE-SA:2010:057
Linux kernel security problems

Source: SUSE
Type: SUSE-SA:2011:001
Linux kernel security update

Source: SUSE
Type: SUSE-SA:2011:002
Linux kernel security update

Source: SUSE
Type: SUSE-SA:2011:007
Linux realtime kernel security update

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.30.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:rc8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32:git-6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33:rc8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.32.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.33.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.35:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.35:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.35:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.35:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.35:rc5:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20103865 | V | CVE-2010-3865 | 2022-05-22
oval:org.opensuse.security:def:33046 | P | Security update for postgresql10 (Important) | 2021-11-22
oval:org.opensuse.security:def:33935 | P | Security update for libnettle (Important) | 2021-06-23
oval:org.opensuse.security:def:33896 | P | Security update for MozillaFirefox (Important) | 2021-04-27
oval:org.opensuse.security:def:33103 | P | Security update for ovmf (Moderate) | 2021-03-29
oval:org.opensuse.security:def:32439 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29883 | P | Security update for the Linux kernel | 2020-12-01
oval:org.opensuse.security:def:33191 | P | libvorbis on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29006 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32652 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28418 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33258 | P | squid3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29109 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32803 | P | w3m on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28497 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:29165 | P | Security update for mailman (Important) | 2020-12-01
oval:org.opensuse.security:def:28713 | P | Security update for Java OpenJDK | 2020-12-01
oval:org.opensuse.security:def:32428 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29847 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:33152 | P | libgdiplus0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28854 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:32517 | P | g3utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28417 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33214 | P | ntp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29060 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:32746 | P | mailman on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28429 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29148 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:32890 | P | kde4-kgreeter-plugins on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28628 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32427 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29209 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:28770 | P | Security update for libssh2_org | 2020-12-01
oval:org.mitre.oval:def:13909 | P | USN-1164-1 -- linux-fsl-imx51 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:13193 | P | USN-1080-1 -- linux vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:13949 | P | USN-1119-1 -- linux-ti-omap4 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:13433 | P | USN-1093-1 -- linux-mvl-dove vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:15138 | P | USN-1187-1 -- Linux kernel (Maverick backport) vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:12842 | P | USN-1073-1 -- linux, linux-ec2 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:13765 | P | USN-1080-2 -- linux-ec2 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:12956 | P | USN-1081-1 -- linux vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:23550 | P | ELSA-2011:0007: kernel security and bug fix update (Important) | 2014-05-26
oval:org.mitre.oval:def:23232 | P | ELSA-2011:0004: kernel security, bug fix, and enhancement update (Important) | 2014-05-26
oval:org.mitre.oval:def:21680 | P | RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important) | 2014-02-24
oval:org.mitre.oval:def:21719 | P | RHSA-2011:0007: kernel security and bug fix update (Important) | 2014-02-24
oval:org.mitre.oval:def:20441 | V | VMware ESX third party updates for Service Console packages glibc and dhcp | 2014-01-20
oval:com.redhat.rhsa:def:20110007 | P | RHSA-2011:0007: kernel security and bug fix update (Important) | 2011-01-11
oval:com.redhat.rhsa:def:20110004 | P | RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important) | 2011-01-04
    linux linux kernel 2.6.30.4
    linux linux kernel 2.6.30.5
    linux linux kernel 2.6.31 rc1
    linux linux kernel 2.6.30.3
    linux linux kernel 2.6.31 rc2
    linux linux kernel 2.6.31 rc3
    linux linux kernel 2.6.31 rc4
    linux linux kernel 2.6.31 rc5
    linux linux kernel 2.6.31 rc6
    linux linux kernel 2.6.31 rc7
    linux linux kernel 2.6.31 rc8
    linux linux kernel 2.6.31 rc9
    linux linux kernel 2.6.31
    linux linux kernel 2.6.30.6
    linux linux kernel 2.6.30.7
    linux linux kernel 2.6.30.8
    linux linux kernel 2.6.30.9
    linux linux kernel 2.6.31.1
    linux linux kernel 2.6.31.2
    linux linux kernel 2.6.31.3
    linux linux kernel 2.6.31.4
    linux linux kernel 2.6.32 rc4
    linux linux kernel 2.6.32 rc1
    linux linux kernel 2.6.32 rc3
    linux linux kernel 2.6.31.5
    linux linux kernel 2.6.31.6
    linux linux kernel 2.6.32 rc6
    linux linux kernel 2.6.32 rc5
    linux linux kernel 2.6.32
    linux linux kernel 2.6.32 rc7
    linux linux kernel 2.6.32 rc8
    linux linux kernel 2.6.32 git-6
    linux linux kernel 2.6.32.1
    linux linux kernel 2.6.32.2
    linux linux kernel 2.6.32.3
    linux linux kernel 2.6.33
    linux linux kernel 2.6.32.4
    linux linux kernel 2.6.33 rc1
    linux linux kernel 2.6.33 rc2
    linux linux kernel 2.6.33 rc3
    linux linux kernel 2.6.33 rc4
    linux linux kernel 2.6.33 rc5
    linux linux kernel 2.6.33 rc6
    linux linux kernel 2.6.32.7
    linux linux kernel 2.6.33 rc7
    linux linux kernel 2.6.32.5
    linux linux kernel 2.6.32.6
    linux linux kernel 2.6.33.1
    linux linux kernel 2.6.32.8
    linux linux kernel 2.6.32.9
    linux linux kernel 2.6.32.10
    linux linux kernel 2.6.31.7
    linux linux kernel 2.6.31.8
    linux linux kernel 2.6.31.9
    linux linux kernel 2.6.31.10
    linux linux kernel 2.6.31.11
    linux linux kernel 2.6.31.12
    linux linux kernel 2.6.34 rc1
    linux linux kernel 2.6.33 rc8
    linux linux kernel 2.6.31.13
    linux linux kernel 2.6.32.11
    linux linux kernel 2.6.33.2
    linux linux kernel 2.6.34 rc2
    linux linux kernel 2.6.34 rc3
    linux linux kernel 2.6.34 rc4
    linux linux kernel 2.6.34
    linux linux kernel 2.6.34 rc5
    linux linux kernel 2.6.32.12
    linux linux kernel 2.6.32.13
    linux linux kernel 2.6.33.3
    linux linux kernel 2.6.33.4
    linux linux kernel 2.6.33.5
    linux linux kernel 2.6.35 rc1
    linux linux kernel 2.6.35 rc2
    linux linux kernel 2.6.35 rc3
    linux linux kernel 2.6.35 rc4
    linux linux kernel 2.6.35 rc5
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6