CVE-2015-8019

Опубликовано: 27 окт. 2015

Источник: redhat

CVSS2: 7.8

Описание

The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code introduced the flaw is not present in these products.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1276588kernel: net: buffer overflow when copying data from skbuff to userspace

7.8 High

CVSS2

Связанные уязвимости

CVE-2015-8019

CVSS3: 7.8

ubuntu

почти 10 лет назад

CVE-2015-8019

CVSS3: 7.8

nvd

почти 10 лет назад

CVE-2015-8019

CVSS3: 7.8

debian

почти 10 лет назад

The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c i ...

GHSA-gj89-xw5c-cf26

CVSS3: 7.8

github

больше 3 лет назад

SUSE-SU-2016:2009-1

suse-cvrf

больше 9 лет назад

Security update for Linux Kernel Live Patch 2 for SLE 12 SP1

7.8 High

CVSS2