Bug 1202855 (CVE-2015-1805)
| Summary: | CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | agordeev, aquini, bhu, carnil, dhoward, esammons, fhrbata, iboverma, jaeshin, jkacur, jross, kernel-mgr, kstutsma, lgoncalv, lwang, matt, mcressma, mguzik, nmurray, pholasek, plougher, rvrbovsk, sauchter, security-response-team, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-06-23 12:19:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1185166, 1198843, 1202860, 1202861, 1202862, 1202863, 1202864, 1202865, 1203782, 1203783, 1203784, 1203787, 1203788, 1203789 | ||
| Bug Blocks: | 1202879 | ||
|
Description
Petr Matousek
2015-03-17 15:01:29 UTC
Statement: This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1042 https://rhn.redhat.com/errata/RHSA-2015-1042.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Via RHSA-2015:1082 https://rhn.redhat.com/errata/RHSA-2015-1082.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1081 https://rhn.redhat.com/errata/RHSA-2015-1081.html This issue has been addressed in the following products: Red Hat Enterprise Linux 5.9 AUS - Server Only Via RHSA-2015:1120 https://rhn.redhat.com/errata/RHSA-2015-1120.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1139 https://rhn.redhat.com/errata/RHSA-2015-1139.html This issue has been addressed in the following products: MRG for RHEL-6 v.2 Via RHSA-2015:1138 https://rhn.redhat.com/errata/RHSA-2015-1138.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1137 https://rhn.redhat.com/errata/RHSA-2015-1137.html This issue has been addressed in the following products: Red Hat Enterprise Linux 5.6 Long Life Via RHSA-2015:1190 https://rhn.redhat.com/errata/RHSA-2015-1190.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:1199 https://rhn.redhat.com/errata/RHSA-2015-1199.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2015:1211 https://rhn.redhat.com/errata/RHSA-2015-1211.html |