CVE-2010-3865

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.

Published: 2011-01-10 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-3865 is rated Moderate Risk (43.9/100): CVSS High severity, with low exploitation likelihood (EPSS 0.56%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-3865

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.07% 0.56% +0.49%
2 2024-12-17 0.04% 0.07% +0.02%
3 2023-03-07 0.04%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3865

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 3.9 10.0 [email protected]

Weakness enumeration for CVE-2010-3865

OS Trackers for CVE-2010-3865

vendor priority summary link
redhat high https://access.redhat.com/security/cve/CVE-2010-3865
ubuntu medium CVE-2010-3865 medium priority: Ubuntu including 8 source packages (linux, linux-ec2, …), 54 status rows across 7 suites (dapper, hardy, karmic, lucid, maverick, natty, upstream): DNE 28, released 19, not-affected 5, ignored 2. https://ubuntu.com/security/CVE-2010-3865

Affected software / configurations for CVE-2010-3865

Vendor Product Version Raw CPE
linux linux_kernel <= 2.6.36 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
opensuse opensuse 11.2 cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
opensuse opensuse 11.3 cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
suse linux_enterprise_high_availability_extension 11 cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*
suse linux_enterprise_real_time 11 cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*

References for CVE-2010-3865

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://secunia.com/advisories/42778 Third Party Advisory
http://secunia.com/advisories/42789 Third Party Advisory
http://secunia.com/advisories/42801 Third Party Advisory
http://secunia.com/advisories/42890 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/29/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/11/01/1 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0004.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0007.html Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/44549 Third Party Advisory VDB Entry
http://www.spinics.net/lists/netdev/msg145359.html Mailing List Patch Third Party Advisory
http://www.spinics.net/lists/netdev/msg145397.html Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vupen.com/english/advisories/2011/0012 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0024 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62881 Third Party Advisory VDB Entry
cvelogic Threat Intelligence