The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel prior to 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Vulnerable Product |
---|
google android 6.0 |
google android 5.1.1 |
google android 4.4.3 |
google android 5.1 |
google android 5.0.1 |
linux linux kernel |

Firmware update needed to sink blunder that lets apps hijack devices
Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices. The vulnerability (CVE-2015-1805) affects all Android devices running Linux kernel versions below 3.18 – we're talking millions of gadgets and handhelds, here. The vulnerability is a privilege elevation that lets apps execute arbitrary code in the kernel, allowing normal software to commandeer the hardware and install spyware, malware or legit custom firmware. Affected users ...