Wind River Support Network

HomeDefectsLIN6-9974
Fixed

LIN6-9974 : Security Advisory - linux - CVE-2015-1805

Created: Jun 7, 2015    Updated: Dec 3, 2018
Resolved Date: Jun 23, 2015
Previous ID: LIN4-32703
Found In Version: 6.0.0.20
Fix Version: 6.0.0.22
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

A flaw was found in the way pipe_iov_copy_from_user() and
pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on
failed atomic access.

An unprivileged local user could this flaw to crash the system or, potentially,
escalate their privileges on the system.

Upstream fixes:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805

Other Downloads


Live chat
Online