Public Date:
CWE-190 -> CWE-119
634457: CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

The MITRE CVE dictionary describes this issue as:

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

Find out more about CVE-2010-3081 from the MITRE CVE dictionary dictionary and NIST NVD.


More information can be found in this kbase:

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 5 (kernel) RHSA-2010:0704 2010-09-21
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0711 2010-09-22
Red Hat Enterprise Linux version 6 (kernel) RHSA-2010:0842 2010-11-10
Red Hat Enterprise Linux ES EUS (v. 4.7) (kernel) RHSA-2010:0719 2010-09-28
Red Hat Enterprise Linux version 4 (kernel) RHSA-2010:0718 2010-09-28
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0758 2010-10-08
Red Hat Enterprise Linux ES (v. 3 ELS) (kernel) RHSA-2010:0882 2010-11-12
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) RHSA-2010:0705 2010-09-21


Red Hat would like to thank Ben Hawkes for reporting this issue.