First published: Tue Mar 17 2015
A flaw was found in the way the pipe_iov_copy_from_user() and pipe_iov_copy_to_user() functions handled the accounting of the remaining iovec length on a failed atomic access. An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Upstream fixes:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1

Acknowledgements: The security impact of this issue was discovered by Red Hat.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =4.4.3 | |
Google Android | =5.0.1 | |
Google Android | =5.1 | |
Google Android | =5.1.1 | |
Google Android | =6.0 | |
Linux Linux kernel | <=3.15.10 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |