CVE-2015-1805
First published: Tue Mar 17 2015(Updated: )
A flaw was found in the way pipe_iov_copy_from_user() and pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on failed atomic access. An unprivileged local user could this flaw to crash the system or, potentially, escalate their privileges on the system. Upstream fixes: <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045</a> <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1</a> Acknowledgements: The security impact of this issue was discovered by Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | =4.4.3 | |
| Google Android | =5.0.1 | |
| Google Android | =5.1 | |
| Google Android | =5.1.1 | |
| Google Android | =6.0 | |
| Linux Kernel | <=3.15.10 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id/1032454
- http://www.securityfocus.com/bid/74951
- http://www.debian.org/security/2015/dsa-3290
- https://bugzilla.redhat.com/show_bug.cgi?id=1202855
- http://rhn.redhat.com/errata/RHSA-2015-1042.html
- http://rhn.redhat.com/errata/RHSA-2015-1081.html
- http://rhn.redhat.com/errata/RHSA-2015-1082.html
- http://rhn.redhat.com/errata/RHSA-2015-1120.html
- http://rhn.redhat.com/errata/RHSA-2015-1137.html
- http://rhn.redhat.com/errata/RHSA-2015-1138.html
- http://rhn.redhat.com/errata/RHSA-2015-1190.html
- http://rhn.redhat.com/errata/RHSA-2015-1199.html
- http://rhn.redhat.com/errata/RHSA-2015-1211.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://www.ubuntu.com/usn/USN-2679-1
- http://www.ubuntu.com/usn/USN-2680-1
- http://www.ubuntu.com/usn/USN-2681-1
- http://www.ubuntu.com/usn/USN-2967-1
- http://www.ubuntu.com/usn/USN-2967-2
- http://www.openwall.com/lists/oss-security/2015/06/06/2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
- http://source.android.com/security/bulletin/2016-04-02.html
- http://source.android.com/security/bulletin/2016-05-01.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1
- https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045
- https://launchpad.net/bugs/cve/CVE-2015-1805
- https://rhn.redhat.com/errata/RHSA-2015-1042.html
- https://rhn.redhat.com/errata/RHSA-2015-1082.html
- https://rhn.redhat.com/errata/RHSA-2015-1081.html
- https://rhn.redhat.com/errata/RHSA-2015-1120.html
- https://rhn.redhat.com/errata/RHSA-2015-1139.html
- https://rhn.redhat.com/errata/RHSA-2015-1138.html
- https://rhn.redhat.com/errata/RHSA-2015-1137.html
- https://rhn.redhat.com/errata/RHSA-2015-1190.html
- https://rhn.redhat.com/errata/RHSA-2015-1199.html
- https://rhn.redhat.com/errata/RHSA-2015-1211.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
- https://security-tracker.debian.org/tracker/CVE-2015-1805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805
- https://nvd.nist.gov/vuln/detail/CVE-2015-1805
- https://ubuntu.com/security/CVE-2015-1805
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-1805
- agent/weakness
- agent/severity
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/author
- vendor/google
- canonical/google android
- version/google android/4.4.3
- version/google android/5.0.1
- version/google android/5.1
- version/google android/5.1.1
- version/google android/6.0
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.15.10
- package-manager/debian