CVE-2010-3904 — Linux Kernel

Linux Kernel Improper Input Validation Vulnerability

Added to KEV

2023-05-12

Federal due date

2023-06-02

Vendor

Linux

Product

Kernel

EPSS

84.8th percentile (score 0.022, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2010-3904

CISA short description

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Required action

The impacted product is end-of-life and should be disconnected if still in use.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.