Skip to navigation

CVE Database

CVE-2010-3081

Impact: Important
Public: 2010-09-15
CWE: CWE-190->CWE-119
Bugzilla: 634457: CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
IAVA: 2010-B-0085

Details

The MITRE CVE dictionary describes this issue as:

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

Find out more about CVE-2010-3081 from the MITRE CVE dictionary and NIST NVD.

Statement

More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40265.

CVSS v2 metrics

Base Score: 7.2
Base Metrics: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0758 October 08, 2010
Red Hat Enterprise Linux ES (v. 3 ELS) (kernel) RHSA-2010:0882 November 12, 2010
Red Hat Enterprise Linux ES EUS (v. 4.7) (kernel) RHSA-2010:0719 September 28, 2010
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0711 September 22, 2010
Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel) RHSA-2010:0705 September 21, 2010
Red Hat Enterprise Linux version 4 (kernel) RHSA-2010:0718 September 28, 2010
Red Hat Enterprise Linux version 5 (kernel) RHSA-2010:0704 September 21, 2010
Red Hat Enterprise Linux version 6 (kernel) RHSA-2010:0842 November 10, 2010

External References

Acknowledgements

Red Hat would like to thank Ben Hawkes for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.