Wind River Support Network

HomeDefectsLIN6-9974

Fixed

LIN6-9974 : Security Advisory - linux - CVE-2015-1805

Created: Jun 7, 2015 Updated: Dec 3, 2018

Resolved Date: Jun 23, 2015

Previous ID: LIN4-32703

Found In Version: 6.0.0.20

Fix Version: 6.0.0.22

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Kernel

Description

A flaw was found in the way pipe_iov_copy_from_user() and
pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on
failed atomic access.

An unprivileged local user could this flaw to crash the system or, potentially,
escalate their privileges on the system.

Upstream fixes:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805

Other Downloads

Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38