All customers except US A&D: to ensure that you can access all of your product downloads, you must log in to the Wind River Delivers portal https://delivers.windriver.com and visit the My Products page to force an initial sync of your product entitlement. Only after you’ve completed this step will you be able to access and download product content through the Artifacts, Registry, and Git interfaces. This also applies to users attempting to run the Wind River installer in maintenance or update mode or Linux installation updates at the command line.

Wind River Support Network

HomeDefectsSCP7-184
Fixed

SCP7-184 : Security Advisory - linux - CVE-2015-1805

Created: Jun 7, 2015    Updated: Sep 8, 2018
Resolved Date: Jul 10, 2015
Previous ID: LIN4-32704
Found In Version: 7.0.0.5
Fix Version: 7.0.0.8
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel

Description

A flaw was found in the way pipe_iov_copy_from_user() and
pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on
failed atomic access.

An unprivileged local user could this flaw to crash the system or, potentially,
escalate their privileges on the system.

Upstream fixes:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805

Other Downloads


Live chat
Online