Linux Kernel RDS Protocol Privilege Escalation Exploit

The Linux kernel is prone to a privilege escalation vulnerability that local unprivileged users can exploit to gain root access. The RDS protocol implementation does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg()-style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root.
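The missing validation described above, modelled in user space as an added example (not code from the kernel or from this product): every name here, including `MODEL_USER_LIMIT` and the sample vectors, is a constructed assumption, and the code only classifies addresses without touching memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: constructed upper bound of the user address range in this model. */
#define MODEL_USER_LIMIT 0x00007ffffffff000ULL

struct model_iovec { uint64_t base; uint64_t len; };

/* True only if [base, base + len) lies wholly below the limit.
 * Written as a subtraction so base + len can never wrap around. */
bool model_range_is_user(uint64_t base, uint64_t len)
{
    if (len > MODEL_USER_LIMIT)
        return false;
    return base <= MODEL_USER_LIMIT - len;
}

/* Index of the first segment that must be rejected, or -1 if all pass. */
int model_first_bad_segment(const struct model_iovec *iov, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!model_range_is_user(iov[i].base, iov[i].len))
            return (int)i;
    return -1;
}

/* Constructed sample vectors; no memory is read or written through them. */
const struct model_iovec model_good[] = {
    { 0x0000000000601000ULL, 4096 },
    { MODEL_USER_LIMIT - 8, 8 },          /* ends exactly at the limit */
};
const struct model_iovec model_bad[] = {
    { 0x0000000000601000ULL, 4096 },
    { 0xffffffff81000000ULL, 8 },         /* base in the kernel half */
};

int main(void)
{
    printf("good: %d\n", model_first_bad_segment(model_good, 2));
    printf("bad:  %d\n", model_first_bad_segment(model_bad, 2));
    return 0;
}
```

A copy routine that skips this range check treats the second entry of `model_bad` as an ordinary destination, which is the condition the description above attributes to RDS.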
Exploit type: 
Platform: 
Vulnerability ID: 
CVE-2010-3904
Product Version: 
10.5
Released Date: 
Tuesday, October 26, 2010 - 00:00