CVE-2010-3904

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 2.6.36

Description The issue is related to improper input validation in the Reliable Datagram Sockets (RDS) protocol implementation. Specifically, the rds page copy user function in net/rds/page.c does not properly validate addresses obtained from user space. This allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Recommendations For Linux Kernel versions prior to 2.6.36, update to version 2.6.36 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sendmsg and recvmsg system calls to minimize the risk of exploitation.