PT-2016-4408 · Red Hat+4 · Red Hat+4

Petr Matousek

·

Published

2015-11-19

·

Updated

2016-12-03

·

CVE-2016-0774

CVSS v3.1

6.8

Medium

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions linux package versions prior to 3.2.73-2+deb7u3 linux package versions prior to 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1
Description The issue is related to the pipe read and pipe write implementations in fs/pipe.c in certain Linux kernel backports. It allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application. This is due to the improper consideration of side effects from failed copy to user inatomic and copy from user inatomic calls, leading to an "I/O vector array overrun."
Recommendations For linux package versions prior to 3.2.73-2+deb7u3, update to version 3.2.73-2+deb7u3 or later to resolve the issue. For linux package versions prior to 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1, update to version 3.10.0-229.26.2 or later to resolve the issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CESA-2015_2152
CESA-2016_0494
CVE-2016-0774
DLA-439-1
DSA-3503-1
RHSA-2015:2152
RHSA-2015_2152
RHSA-2016:0103
RHSA-2016:0494
RHSA-2016:0617
RHSA-2016_0494
SUSE-SU-2016:0785-1
SUSE-SU-2016:1031-1
SUSE-SU-2016:1032-1
SUSE-SU-2016:1033-1
SUSE-SU-2016:1034-1
SUSE-SU-2016:1035-1
SUSE-SU-2016:1037-1
SUSE-SU-2016:1038-1
SUSE-SU-2016:1039-1
SUSE-SU-2016:1040-1
SUSE-SU-2016:1041-1
SUSE-SU-2016:1045-1
SUSE-SU-2016:1046-1
USN-2967-1
USN-2967-2
USN-2968-1
USN-2968-2

Affected Products

Centos
Linux
Red Hat
Suse
Ubuntu