CVE-2015-1805

CVSS v2.0 7.2 (High)

EPSS 0.04 % (11^th)

Affected Products 2

Advisories 24

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Weaknesses

CWE-17: DEPRECATED: Code

Related CVEs

CVE-2016-0774

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2015-08-08 10:59:00
(9 years ago)
Updated Date: 2018-01-05 02:30:00
(6 years ago)

Affected Products

Google

Android

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Google Android 4.4.3	cpe:2.3:o:google:android:4.4.3
	Google Android 5.0.1	cpe:2.3:o:google:android:5.0.1
	Google Android 5.1	cpe:2.3:o:google:android:5.1
	Google Android 5.1.1	cpe:2.3:o:google:android:5.1.1
	Google Android 6.0	cpe:2.3:o:google:android:6.0

Configuration #2

		CPE23	From	Up To
	Linux Kernel 3.15.10 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 3.15.10