Wind River Support Network

HomeDefectsLIN5-20504
Fixed

LIN5-20504 : Security Advisory - linux - CVE-2015-1805

Created: Jun 7, 2015    Updated: Dec 19, 2017
Resolved Date: Jun 22, 2015
Previous ID: LIN4-32702
Found In Version: 5.0.1.26
Fix Version: 5.0.1.28
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Kernel

Description

A flaw was found in the way pipe_iov_copy_from_user() and
pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on
failed atomic access.

An unprivileged local user could this flaw to crash the system or, potentially,
escalate their privileges on the system.

Upstream fixes:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805

Other Downloads


Live chat
Online