{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1211", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1211.html"}, {"name": "DSA-3290", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3290"}, {"name": "1032454", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032454"}, {"name": "SUSE-SU-2015:1491", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"}, {"name": "74951", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74951"}, {"name": "RHSA-2015:1120", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1120.html"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"name": "SUSE-SU-2015:1489", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-05-01.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855"}, {"name": "SUSE-SU-2015:1488", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"}, {"name": "USN-2680-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2680-1"}, {"name": "RHSA-2015:1082", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1082.html"}, {"name": "USN-2679-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2679-1"}, {"name": "SUSE-SU-2015:1611", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "SUSE-SU-2015:1324", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"name": "RHSA-2015:1138", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1190.html"}, {"name": "[oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/06/2"}, {"name": "RHSA-2015:1199", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1199.html"}, {"name": "USN-2681-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2681-1"}, {"name": "RHSA-2015:1042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1042.html"}, {"name": "SUSE-SU-2015:1478", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}, {"name": "SUSE-SU-2015:1490", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-04-02.html"}, {"name": "SUSE-SU-2015:1224", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"name": "RHSA-2015:1137", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"name": "SUSE-SU-2015:1487", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1"}, {"name": "SUSE-SU-2015:1592", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1"}, {"name": "RHSA-2015:1081", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.310Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1211", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1211.html"}, {"name": "DSA-3290", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3290"}, {"name": "1032454", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032454"}, {"name": "SUSE-SU-2015:1491", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"}, {"name": "74951", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74951"}, {"name": "RHSA-2015:1120", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1120.html"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"name": "SUSE-SU-2015:1489", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.android.com/security/bulletin/2016-05-01.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855"}, {"name": "SUSE-SU-2015:1488", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"}, {"name": "USN-2680-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2680-1"}, {"name": "RHSA-2015:1082", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1082.html"}, {"name": "USN-2679-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2679-1"}, {"name": "SUSE-SU-2015:1611", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "SUSE-SU-2015:1324", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"name": "RHSA-2015:1138", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1190.html"}, {"name": "[oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/06/06/2"}, {"name": "RHSA-2015:1199", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1199.html"}, {"name": "USN-2681-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2681-1"}, {"name": "RHSA-2015:1042", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1042.html"}, {"name": "SUSE-SU-2015:1478", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}, {"name": "SUSE-SU-2015:1490", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.android.com/security/bulletin/2016-04-02.html"}, {"name": "SUSE-SU-2015:1224", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"name": "RHSA-2015:1137", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"name": "SUSE-SU-2015:1487", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1"}, {"name": "SUSE-SU-2015:1592", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1"}, {"name": "RHSA-2015:1081", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1805", "datePublished": "2015-08-08T10:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.310Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74BEC8F8-418F-4EE6-A5D9-93B82F28D97B", "versionEndIncluding": "3.15.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\""}, {"lang": "es", "value": "Vulnerabilidad en las implementaciones (1) pipe_read y (2) pipe_write en fs/pipe.c en el kernel de Linux en versiones anteriores a 3.16, no considera correctamente los efectos secundarios de llamadas __copy_to_user_inatomic y __copy_from_user_inatomic fallidas, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) o posiblemente obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, tambi\u00e9n conocida como una 'saturaci\u00f3n del array del vector I/O'."}], "id": "CVE-2015-1805", "lastModified": "2018-01-05T02:30:00.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-08T10:59:00.113", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1042.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1081.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1082.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1120.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1190.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1199.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1211.html"}, {"source": "secalert@redhat.com", "url": "http://source.android.com/security/bulletin/2016-04-02.html"}, {"source": "secalert@redhat.com", "url": "http://source.android.com/security/bulletin/2016-05-01.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3290"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/06/06/2"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74951"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032454"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2679-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2680-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2681-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Red Hat.", "affected_release": [{"advisory": "RHSA-2015:1042", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-406.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-06-02T00:00:00Z"}, {"advisory": "RHSA-2015:1190", "cpe": "cpe:/o:redhat:rhel_mission_critical:5.6", "package": "kernel-0:2.6.18-238.56.1.el5", "product_name": "Red Hat Enterprise Linux 5.6 Long Life", "release_date": "2015-06-25T00:00:00Z"}, {"advisory": "RHSA-2015:1120", "cpe": "cpe:/o:redhat:rhel_aus:5.9", "package": "kernel-0:2.6.18-348.31.2.el5", "product_name": "Red Hat Enterprise Linux 5.9 Long Life", "release_date": "2015-06-16T00:00:00Z"}, {"advisory": "RHSA-2015:1081", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.23.4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-06-09T00:00:00Z"}, {"advisory": "RHSA-2015:1082", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.63.2.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-06-09T00:00:00Z"}, {"advisory": "RHSA-2015:1211", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "kernel-0:2.6.32-358.62.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-07-07T00:00:00Z"}, {"advisory": "RHSA-2015:1199", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "kernel-0:2.6.32-431.59.1.el6", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-06-30T00:00:00Z"}, {"advisory": "RHSA-2015:1139", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2015:1137", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-229.7.2.ael7b", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2015:1138", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-229.rt56.153.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2015-06-23T00:00:00Z"}], "bugzilla": {"description": "kernel: pipe: iovec overrun leading to memory corruption", "id": "1202855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202855"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"", "It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."], "name": "CVE-2015-1805", "package_state": [{"cpe": "cpe:/o:redhat:rhel_eus:5.6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.6"}], "public_date": "2015-06-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1805"], "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux\nkernel updates for the respective releases will address this issue.", "threat_severity": "Important"}