I/O Vector Array Overrun Vulnerability in Linux Kernel

CVE-2015-1805 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.