Is CVE-2010-3904 actively exploited?

CVE-2010-3904 has no public evidence of in-the-wild exploitation as of 2025-10-22.

What is the CVSS score for CVE-2010-3904?

CVE-2010-3904 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2010-3904?

Patch guidance is available from linux security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2010-3904.

Fix CVE-2010-3904 - HIGH linux linux kernel

Q: Which products are affected by CVE-2010-3904?

18 products: linux linux kernel, opensuse opensuse, opensuse opensuse, suse linux enterprise desktop, suse linux enterprise real time extension, and 13 more.

Description

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-1284

Metadata

Primary Vendor: LINUX
Published: 12/6/2010
Last Modified: 10/22/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

linux : linux_kernelopensuse : opensuseopensuse : opensusesuse : linux_enterprise_desktopsuse : linux_enterprise_real_time_extensionsuse : linux_enterprise_servercanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxredhat : enterprise_linuxredhat : enterprise_linuxvmware : esxivmware : esxivmware : esxivmware : esxi

Remediation Guidance

Executive Summary

View on NIST NVD