Описание
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Отчет
This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 5.6 | kernel | Affected | ||
| Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2015:1042 | 02.06.2015 |
| Red Hat Enterprise Linux 5.6 Long Life | kernel | Fixed | RHSA-2015:1190 | 25.06.2015 |
| Red Hat Enterprise Linux 5.9 Long Life | kernel | Fixed | RHSA-2015:1120 | 16.06.2015 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2015:1081 | 09.06.2015 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2015:1082 | 09.06.2015 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2015:1211 | 07.07.2015 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | kernel | Fixed | RHSA-2015:1199 | 30.06.2015 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2015:1139 | 23.06.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2015:1137 | 23.06.2015 |
Показывать по
Дополнительная информация
Статус:
6.9 Medium
CVSS2
Связанные уязвимости
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in t ...
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
ELSA-2015-1042: kernel security and bug fix update (IMPORTANT)
6.9 Medium
CVSS2