We have moved to a new Sailfish OS Forum. Please start new discussions there.

Revision history [back]

click to hide/show revision 1
initial version

posted 2017-05-09 12:58:29 +0200

validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom in kernel-net CVE-2015-2686 critical

Description
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. CVSSv3 7.8 high (attack range: local)

Upstream-Commit is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/socket.c lines:1707-1712; 1766-1771

validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom in kernel-net CVE-2015-2686 critical

Description
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. CVSSv3 7.8 high (attack range: local)

Upstream-Commit is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/socket.c lines:1707-1712; 1766-1771

validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom in kernel-net CVE-2015-2686 critical

Description
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. CVSSv3 7.8 high (attack range: local)

Upstream-Commit is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/socket.c lines:1707-1712; 1766-1771

edit20170523: seems to be rejected, why?

validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom in kernel-net CVE-2015-2686 critical

Description
net/socket.c in the Linux kernel - not just 3.19 http://www.securityfocus.com/bid/73286 - before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. CVSSv3 7.8 high (attack range: local)

Upstream-Commit is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/socket.c lines:1707-1712; 1766-1771

edit20170523: seems to be rejected, why?