The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2015-08-08 03:59
Updated : 2018-01-04 18:30
NVD link : CVE-2015-1805
Mitre link : CVE-2015-1805
JSON object : View
CWE
CWE-17
DEPRECATED: Code
Products Affected
- android
linux
- linux_kernel