** Description changed: - A flaw was found in the way pipe_iov_copy_from_user() and - pipe_iov_copy_to_user() functions handled iovecs remaining len - accounting on failed atomic access. An unprivileged local user could - this flaw to crash the system or, potentially, escalate their privileges - on the system. + The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the + Linux kernel before 3.16 do not properly consider the side effects of + failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, + which allows local users to cause a denial of service (system crash) or + possibly gain privileges via a crafted application, aka an "I/O vector + array overrun." Break-Fix: - f0d1bec9d58d4c038d0ac958c9af82be6eb18045 Break-Fix: - 637b58c2887e5e57850865839cc75f59184b23d1
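Review bot: The replacement description drops the function names that the removed text gave, pipe_iov_copy_from_user() and pipe_iov_copy_to_user(), along with the detail that the fault is in the accounting of the iovecs' remaining length after a failed atomic access. The new wording names only pipe_read, pipe_write and the __copy_to_user_inatomic / __copy_from_user_inatomic calls. Consider keeping one sentence from the old text next to the new one, so that a reader can map the description onto fs/pipe.c and onto the two commits listed under Break-Fix.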
https://bugs.launchpad.net/bugs/1462170
Title: CVE-2015-1805
