1400457 – (CVE-2015-8962) CVE-2015-8962 kernel: Double free vulnerability in SCSI driver

Bug 1400457 (CVE-2015-8962) - CVE-2015-8962 kernel: Double free vulnerability in SCSI driver

Summary: CVE-2015-8962 kernel: Double free vulnerability in SCSI driver

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-8962
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1406232 1406233
Blocks:	1395243
TreeView+	depends on / blocked

Reported:	2016-12-01 09:47 UTC by Adam Mariš
Modified:	2021-10-27 10:53 UTC (History)
CC List:	28 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel SCSI subsystem, which allowed a local user to gain privileges or cause a denial of service (memory corruption and system crash) by issuing an SG_IO ioctl call while a device was being detached.
Clone Of:
Environment:
Last Closed:	2021-10-27 10:53:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-12-01 09:47:07 UTC

A flaw was found in the Linux kernel SCSI subsystem, which allowed a local user to gain privileges or cause a denial of service (memory corruption and system crash) by issuing an SG_IO ioctl call while a device was being detached.

This could cause a situation in which a block request could be free'd twice.  An attacker could use this condition to crafted memory in the correct location which can be free'd then used again , causing memory corruption (crash) or privilege escalation.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432

Comment 2 Wade Mealing 2016-12-20 02:57:29 UTC


This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and may be addressed in future updates. 

This issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,7 and MRG-2 kernels.

This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Note You need to log in before you can comment on or make changes to this bug.

aquini
bhu
dhoward
dvlasenk
fhrbata
gansalmon
iboverma
ichavero
itamar
jforbes
jkacur
joelsmith
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
lgoncalv
madhu.chinakonda
mchehab
mcressma
nmurray
pholasek
rt-maint
rvrbovsk
williams
wmealing
yozone