Date: Sat, 26 Mar 2016 17:52:11 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption On Tue, Mar 22, 2016 at 11:58:39PM +0300, Solar Designer wrote: > The primary reason I am posting this is so that other distros know the > vulnerability was apparently shown to be exploitable. And that's not the end of the story: https://lwn.net/SubscriberLink/681062/b974fb24a6c4617b/ "Posted Mar 25, 2016 13:23 UTC (Fri) by BenHutchings (subscriber, #37955) [Link] Unfortunately the fix by Seth Jennings for RHEL, later applied to stable branches, was still incorrect, leading to CVE-2016-0774. I hope AOSP picks up the second fix as well." https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0774 "Petr Matousek 2016-02-02 09:34:35 EST It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on failed atomic read, potentially resulting in pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user-space. Upstream Linux kernel is not affected by this flaw as it was introduced by the Red Hat Enterprise Linux only fix for CVE-2015-1805. Acknowledgements: The security impact of this issue was discovered by Red Hat." Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ