CVE-2016-0774 in Google Android
요약 (영어)
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
예약하다
2015. 12. 16.
공개
2016. 04. 27.
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 83128 | Google Android Kernel 권한 상승 | 20 | 정의되지 않음 | 공식 수정 | CVE-2016-0774 |
| 82949 | Red Hat Enterprise Linux pipe.c pipe_write 권한 상승 | 20 | 정의되지 않음 | 공식 수정 | CVE-2016-0774 |