CVE-2015-5707

Опубликовано: 22 мар. 2015

Источник: redhat

CVSS2: 4.6

EPSS Низкий

Описание

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

An integer-overflow vulnerability was found in the scsi block-request handling code in function start_req(). A local attacker could use specially crafted IOV requests to overflow a counter used in bio_map_user_iov()'s page calculation, and write past the end of the array that contains kernel-page pointers.

Отчет

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 MRG-2 and realtime kernels and does not plan be addressed in a future update.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1250030kernel: number wraparound vulnerability in function start_req()

EPSS

Процентиль: 25%

0.00084

Низкий

4.6 Medium

CVSS2

Связанные уязвимости

CVE-2015-5707

ubuntu

больше 9 лет назад

CVE-2015-5707

nvd

больше 9 лет назад

CVE-2015-5707

debian

больше 9 лет назад

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in ...

GHSA-rfcp-m7v6-h4ff

github

около 3 лет назад

SUSE-SU-2015:2091-1

suse-cvrf

больше 9 лет назад

Security update for Linux Kernel Live Patch 2

EPSS

Процентиль: 25%

0.00084

Низкий

4.6 Medium

CVSS2