Message-ID: <20160326145211.GA22709@openwall.com>
Date: Sat, 26 Mar 2016 17:52:11 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption

On Tue, Mar 22, 2016 at 11:58:39PM +0300, Solar Designer wrote:
> The primary reason I am posting this is so that other distros know the
> vulnerability was apparently shown to be exploitable.

And that's not the end of the story:

https://lwn.net/SubscriberLink/681062/b974fb24a6c4617b/

"Posted Mar 25, 2016 13:23 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]

Unfortunately the fix by Seth Jennings for RHEL, later applied to
stable branches, was still incorrect, leading to CVE-2016-0774. I hope
AOSP picks up the second fix as well."

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0774

"Petr Matousek 2016-02-02 09:34:35 EST

It was found that the fix for CVE-2015-1805 incorrectly kept buffer
offset and buffer length in sync on failed atomic read, potentially
resulting in pipe buffer state corruption.

A local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user-space.

Upstream Linux kernel is not affected by this flaw as it was introduced
by the Red Hat Enterprise Linux only fix for CVE-2015-1805.

Acknowledgements:

The security impact of this issue was discovered by Red Hat."

Alexander
