CVE-2015-1805

 

Published at: - 08-08-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045
• https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1
• https://bugzilla.redhat.com/show_bug.cgi?id=1202855
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
• [oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption-
• DSA-3290-
• RHSA-2015:1199-
• RHSA-2015:1211-
• RHSA-2015:1190-
• http://source.android.com/security/bulletin/2016-04-02.html
• http://source.android.com/security/bulletin/2016-05-01.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• 74951-
• RHSA-2015:1042-
• 1032454-
• RHSA-2015:1120-
• USN-2967-1-
• USN-2967-2-
• SUSE-SU-2015:1611-
• SUSE-SU-2015:1592-
• SUSE-SU-2015:1478-
• USN-2681-1-
• USN-2680-1-
• USN-2679-1-
• SUSE-SU-2015:1491-
• SUSE-SU-2015:1490-
• SUSE-SU-2015:1489-
• SUSE-SU-2015:1488-
• SUSE-SU-2015:1487-
• SUSE-SU-2015:1324-
• SUSE-SU-2015:1224-
• RHSA-2015:1138-
• RHSA-2015:1137-
• RHSA-2015:1082-
• RHSA-2015:1081-

 

Keywords

NVD

 

CVE-2015-1805

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures