CVE-2016-0774

NameCVE-2016-0774
DescriptionThe (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-439-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1fixed
stretch (security)4.9.246-2fixed
buster, buster (security)4.19.171-2fixed
bullseye, sid5.10.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy3.2.73-2+deb7u3
linuxsource(unstable)3.16.2-2
linux-2.6sourcesqueeze2.6.32-48squeeze20DLA-439-1
linux-2.6source(unstable)(unfixed)

Notes

https://rhn.redhat.com/errata/RHSA-2016-0103.html
The upstream fix for 3.16 was correct, but wheezy had a incomplete backport

Search for package or bug name: Reporting problems