GSD-2010-3081
PUBLISHED
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
Timeline
- Apr 8, 2009 CVE Published
- Sep 16, 2010 PoC Published
- Sep 6, 2015 PoC Published
- Oct 9, 2020 PoC Published
- Aug 31, 2022 PoC Published
- Aug 31, 2025 PoC Published
- Apr 18, 2026 Security Advisory
- Apr 18, 2026 Security Advisory
- Apr 18, 2026 Security Advisory
References
- http://www.vmware.com/security/advisories/VMSA-2010-0017.html url
- ADV-2010-3083 vdb
- ADV-2010-3117 vdb
- http://sota.gen.nz/compat1/ url
- MDVSA-2010:198 vendor-advisory
- 20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne mailing-list
- 42384 third-party-advisory
- 20100916 Workaround for Ac1db1tch3z exploit. mailing-list
- SUSE-SA:2011:007 vendor-advisory
- RHSA-2010:0842 vendor-advisory
- MDVSA-2010:247 vendor-advisory
- ADV-2011-0298 vdb
- RHSA-2010:0882 vendor-advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log url
- SUSE-SA:2010:050 vendor-advisory
- http://blog.ksplice.com/2010/09/cve-2010-3081/ url
- 43315 third-party-advisory
- SUSE-SR:2010:017 vendor-advisory
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html url
- 20100916 Ac1db1tch3z vs x86_64 Linux Kernel mailing-list
…and 8 more