PT-2015-3414 · Linux+5 · Linux Kernel+5

Petr Matousek

·

Published

2014-08-28

·

Updated

2025-09-29

·

CVE-2015-1805

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.16
Description The issue is related to the pipe read and pipe write implementations in fs/pipe.c, which do not properly handle the side effects of failed copy to user inatomic and copy from user inatomic calls. This can allow local users to cause a denial of service, potentially leading to a system crash, or possibly gain privileges via a crafted application. The problem is described as an "I/O vector array overrun."
Recommendations For Linux kernel versions prior to 3.16, update to version 3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the pipe read and pipe write functions to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2014-2035
ALT-PU-2015-1794
BDU:2022-00885
CESA-2015_1081
CESA-2015_1137
CVE-2015-1805
DLA-246-1
DSA-3290-1
DSA-3503-1
ELSA-2015-1081
ELSA-2015-1137
ELSA-2015-3098
RHSA-2015:1042
RHSA-2015:1081
RHSA-2015:1082
RHSA-2015:1120
RHSA-2015:1137
RHSA-2015:1138
RHSA-2015:1139
RHSA-2015:1190
RHSA-2015:1199
RHSA-2015:1211
RHSA-2015_1042
RHSA-2015_1081
RHSA-2015_1137
RHSA-2015_1139
SUSE-SU-2015:1224-1
SUSE-SU-2015:1324-1
SUSE-SU-2015:1478-1
SUSE-SU-2015:1487-1
SUSE-SU-2015:1488-1
SUSE-SU-2015:1489-1
SUSE-SU-2015:1490-1
SUSE-SU-2015:1491-1
SUSE-SU-2015:1592-1
SUSE-SU-2015:1611-1
SUSE-SU-2015:1678-1
SUSE-SU-2015_1224-1
SUSE-SU-2015_1324-1
SUSE-SU-2015_1478-1
SUSE-SU-2015_1611-1
SUSE-SU-2015_1678-1
USN-2678-1
USN-2679-1
USN-2680-1
USN-2681-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu