{ "threat_severity" : "Important", "public_date" : "2015-06-02T00:00:00Z", "bugzilla" : { "description" : "kernel: pipe: iovec overrun leading to memory corruption", "id" : "1202855", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202855" }, "cvss" : { "cvss_base_score" : "6.9", "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status" : "verified" }, "details" : [ "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"", "It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system." ], "statement" : "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux\nkernel updates for the respective releases will address this issue.", "acknowledgement" : "This issue was discovered by Red Hat.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-06-02T00:00:00Z", "advisory" : "RHSA-2015:1042", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "kernel-0:2.6.18-406.el5" }, { "product_name" : "Red Hat Enterprise Linux 5.6 Long Life", "release_date" : "2015-06-25T00:00:00Z", "advisory" : "RHSA-2015:1190", "cpe" : "cpe:/o:redhat:rhel_mission_critical:5.6", "package" : "kernel-0:2.6.18-238.56.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 5.9 Long Life", "release_date" : "2015-06-16T00:00:00Z", "advisory" : "RHSA-2015:1120", "cpe" : "cpe:/o:redhat:rhel_aus:5.9", "package" : "kernel-0:2.6.18-348.31.2.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-06-09T00:00:00Z", "advisory" : "RHSA-2015:1081", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-504.23.4.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date" : "2015-06-09T00:00:00Z", "advisory" : "RHSA-2015:1082", "cpe" : "cpe:/o:redhat:rhel_mission_critical:6.2", "package" : "kernel-0:2.6.32-220.63.2.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date" : "2015-07-07T00:00:00Z", "advisory" : "RHSA-2015:1211", "cpe" : "cpe:/o:redhat:rhel_aus:6.4", "package" : "kernel-0:2.6.32-358.62.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date" : "2015-06-30T00:00:00Z", "advisory" : "RHSA-2015:1199", "cpe" : "cpe:/o:redhat:rhel_eus:6.5", "package" : "kernel-0:2.6.32-431.59.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-06-23T00:00:00Z", "advisory" : "RHSA-2015:1139", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-06-23T00:00:00Z", "advisory" : "RHSA-2015:1137", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-229.7.2.ael7b" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2015-06-23T00:00:00Z", "advisory" : "RHSA-2015:1138", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-1:3.10.0-229.rt56.153.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.6", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:rhel_eus:5.6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1805" ], "name" : "CVE-2015-1805", "csaw" : false }