Improper input validation in the RDS protocol implementation in the Linux kernel allows local unprivileged users to escalate their privileges and execute arbitrary code with root permissions. The RDS protocol does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg() style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root.
CVE Link
Exploit Platform
Exploit Type
Product Name