ID CVE-2010-4175
Summary Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 44921
mlist
  • [linux-netdev] 20101117 [PATCH] Integer overflow in RDS cmsg handling
  • [oss-security] 20101117 CVE request: kernel: integer overflow in RDS
  • [oss-security] 20101118 Re: CVE request: kernel: integer overflow in RDS
secunia
  • 42778
  • 42801
  • 42932
suse
  • SUSE-SA:2011:001
  • SUSE-SA:2011:002
  • SUSE-SA:2011:004
  • SUSE-SA:2011:007
vupen
  • ADV-2011-0012
  • ADV-2011-0124
  • ADV-2011-0298
xf kernel-rdscmsgrdmaargs-dos(64618)
Last major update 17-08-2017 - 01:33
Published 11-01-2011 - 03:00
Last modified 17-08-2017 - 01:33
Back to Top