CVE-2016-0774 in Androidinfo

Summary

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

12/16/2015

Disclosure

04/27/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
83128Google Android Kernel input validation20Not definedOfficial fixCVE-2016-0774
82949Red Hat Enterprise Linux pipe.c pipe_write input validation20Not definedOfficial fixCVE-2016-0774

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!