Red Hat Customer Portal

Skip to main content

CVE-2010-3081

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

Details Source

Mitre

Statement

More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40265.

Public Date

2010-09-15 00:00:00

Impact

Important

Bugzilla

CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

Bugzilla ID

634 457

CVSS Status

verified

Base Score

7.20

Base Metrics

AV:L/AC:L/Au:N/C:C/I:C/A:C

Acknowledgements

Red Hat would like to thank Ben Hawkes for reporting this issue.

IAVA

2011-A-0066

Red Hat Security Errata

Platform Errata Release Date
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0758 2010-10-08
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0711 2010-09-22
Red Hat Enterprise Linux Extended Update Support 4.7 (kernel) RHSA-2010:0719 2010-09-28
Red Hat Enterprise Linux 6 (kernel) RHSA-2010:0842 2010-11-10
Red Hat Enterprise Linux Extended Lifecycle Support 3 (kernel) RHSA-2010:0882 2010-11-12
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) RHSA-2010:0705 2010-09-21
Red Hat Enterprise Linux 4 (kernel) RHSA-2010:0718 2010-09-28
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0704 2010-09-21

CWE

CWE-190->CWE-119

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 3 kernel 2.4.21-66.EL Fixed