SB2016050206 - Input validation error in Linux kernel
Published: May 2, 2016 Updated: August 9, 2020
Security Bulletin ID
SB2016050206
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-8019)
The vulnerability allows a local authenticated user to execute arbitrary code.
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
- http://patchwork.ozlabs.org/patch/530642/
- http://www.openwall.com/lists/oss-security/2015/10/27/11
- http://www.securityfocus.com/bid/77326
- https://bugzilla.redhat.com/show_bug.cgi?id=1276588