PT-2015-3414 · Linux+5 · Linux Kernel+5

Petr Matousek

·

Publicado

2014-08-28

·

Atualizado

2025-09-29

·

CVE-2015-1805

CVSS v2.0

7.2

Alta

VetorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.16
Description The issue is related to the pipe read and pipe write implementations in fs/pipe.c, which do not properly handle the side effects of failed copy to user inatomic and copy from user inatomic calls. This can allow local users to cause a denial of service, potentially leading to a system crash, or possibly gain privileges via a crafted application. The problem is described as an "I/O vector array overrun."
Recommendations For Linux kernel versions prior to 3.16, update to version 3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the pipe read and pipe write functions to minimize the risk of exploitation.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2014-2035
ALT-PU-2015-1794
BDU:2022-00885
CESA-2015_1081
CESA-2015_1137
CVE-2015-1805
DLA-246-1
DSA-3290-1
DSA-3503-1
ELSA-2015-1081
ELSA-2015-1137
ELSA-2015-3098
RHSA-2015:1042
RHSA-2015:1081
RHSA-2015:1082
RHSA-2015:1120
RHSA-2015:1137
RHSA-2015:1138
RHSA-2015:1139
RHSA-2015:1190
RHSA-2015:1199
RHSA-2015:1211
RHSA-2015_1042
RHSA-2015_1081
RHSA-2015_1137
RHSA-2015_1139
SUSE-SU-2015:1224-1
SUSE-SU-2015:1324-1
SUSE-SU-2015:1478-1
SUSE-SU-2015:1487-1
SUSE-SU-2015:1488-1
SUSE-SU-2015:1489-1
SUSE-SU-2015:1490-1
SUSE-SU-2015:1491-1
SUSE-SU-2015:1592-1
SUSE-SU-2015:1611-1
SUSE-SU-2015:1678-1
SUSE-SU-2015_1224-1
SUSE-SU-2015_1324-1
SUSE-SU-2015_1478-1
SUSE-SU-2015_1611-1
SUSE-SU-2015_1678-1
USN-2678-1
USN-2679-1
USN-2680-1
USN-2681-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu