CVE-2016-0774
Published: 27 April 2016
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
From the Ubuntu Security Team
It was discovered that the Linux kernel did not keep accurate track of pipe buffer details when error conditions occurred, due to an incomplete fix for CVE-2015-1805. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Notes
Author | Note |
---|---|
jdstrand |
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
precise |
Released
(3.2.0-102.142)
|
trusty |
Released
(3.13.0-86.130)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
Patches:
Introduced by Fixed by local-2016-0774-fix |
||
linux-armadaxp
Launchpad, Ubuntu, Debian |
precise |
Released
(3.2.0-1665.90)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Does not exist
|
|
linux-flo
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-gke
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Does not exist
|
|
linux-goldfish
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-grouper
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-hwe
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Does not exist
|
|
linux-hwe-edge
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Does not exist
|
|
linux-linaro-omap
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-linaro-shared
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-linaro-vexpress
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-quantal
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-raring
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-saucy
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-trusty
Launchpad, Ubuntu, Debian |
precise |
Released
(3.13.0-86.130~precise1)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-utopic
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-vivid
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-wily
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-xenial
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-maguro
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-mako
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-manta
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-qcm-msm
Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-raspi2
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-snapdragon
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-ti-omap4
Launchpad, Ubuntu, Debian |
precise |
Released
(3.2.0-1480.106)
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
References
- http://www.openwall.com/lists/oss-security/2016/03/26/2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0774
- https://ubuntu.com/security/notices/USN-2967-2
- https://ubuntu.com/security/notices/USN-2967-1
- https://ubuntu.com/security/notices/USN-2968-1
- https://ubuntu.com/security/notices/USN-2968-2
- https://www.cve.org/CVERecord?id=CVE-2016-0774
- NVD
- Launchpad
- Debian