Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 26 Mar 2016 17:52:11 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption

On Tue, Mar 22, 2016 at 11:58:39PM +0300, Solar Designer wrote:
> The primary reason I am posting this is so that other distros know the
> vulnerability was apparently shown to be exploitable.

And that's not the end of the story:

https://lwn.net/SubscriberLink/681062/b974fb24a6c4617b/

"Posted Mar 25, 2016 13:23 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]

Unfortunately the fix by Seth Jennings for RHEL, later applied to
stable branches, was still incorrect, leading to CVE-2016-0774. I hope
AOSP picks up the second fix as well."

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0774

"Petr Matousek  2016-02-02 09:34:35 EST 

It was found that the fix for CVE-2015-1805 incorrectly kept buffer
offset and buffer length in sync on failed atomic read, potentially
resulting in pipe buffer state corruption.

A local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user-space.

Upstream Linux kernel is not affected by this flaw as it was introduced
by the Red Hat Enterprise Linux only fix for CVE-2015-1805.

Acknowledgements:

The security impact of this issue was discovered by Red Hat."

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ