You are here

CVE-2010-3865

Vincent (CVE) Danen's picture
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.

Details Source

Mitre

Statement

The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat
Enterprise MRG did not include support for the RDS Protocol, and therefore are
not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 5
may address this flaw.

Public Date

2010-10-29 00:00:00

Impact

Important

Bugzilla

CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c

Bugzilla ID

647 416

CVSS Status

verified

Base Score

7.20

Base Metrics

AV:L/AC:L/Au:N/C:C/I:C/A:C

Acknowledgements

Red Hat would like to thank Thomas Pollet for reporting this issue.

IAVA

2011-A-0147

Mitigation

For users that do not run applications that use RDS, you can prevent the rds
module from being loaded by adding the following entry to the end of the

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (kernel) RHSA-2011:0007 2011-01-11
Red Hat Enterprise Linux 5 (kernel) RHSA-2011:0004 2011-01-04

CWE

CWE-190->CWE-119