{
  "name" : "pipe inatomic",
  "CVE" : [["CVE-2015-1805","CVE-2015-1805"]],
  "Coordinated_disclosure" : "true",
  "Categories" : ["kernel"],
  "Details" : [["The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.'","CVE-2015-1805"],
    ["This is a known issue in the upstream Linux kernel that was fixed in April 2014 but wasn’t called out as a security fix and assigned CVE-2015-1805 until February 2, 2015. On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update.  On March 15, 2016 Google received a report from Zimperium that this vulnerability had been abused on a Nexus 5 device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.","android-advisory-2016-03-18"]],
  "Discovered_by" : [["Red Hat","redhatbug-1202855"]],
  "Discovered_on" : [["2015-02-02","android-advisory-2016-03-18"],["2015-03-17","redhatbug-1202855"]],
  "Submission" : [{"by":"drt24","on":"2016-03-21"}],
  "Reported_on" : [["2015-06-06","openwall-2015-06-06-2"]],
  "Fixed_on" : [["2015-06-16", "pipe-inatomic-patch3.4"]],
  "Fix_released_on" : [],
  "Affected_versions" : [["Kernel versions 3.4, 3.10 and 3.14","android-advisory-2016-03-18"]],
  "Affected_devices" : [["all","android-advisory-2016-03-18"]],
  "Affected_versions_regexp" : [],
  "Affected_manufacturers" : [["all"]],
  "Fixed_versions" : [["Kernel versions from 3.18 and patched kernels","android-advisory-2016-03-18"]],
  "references" : {
    "CVE-2015-1805" : {
      "url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805"
    }
  , "android-advisory-2016-03-18" : {
      "url" : "https://source.android.com/security/advisory/2016-03-18.html"
    }
  , "pipe-inatomic-patch3.4" : {
      "url" : "https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5"
    , "commit" : "f7ebfe91b806501808413c8473a300dff58ddbb5"
    , "component" : "kernel/common"
    }
  , "pipe-inatomic-patch3.10" : {
      "url" : "https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb"
    , "commit" : "4a5a45669796c5b4617109182e25b321f9f00beb"
    , "component" : "kernel/common"
    }
  , "pipe-inatomic-patch3.14" : {
      "url" : "https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f"
    , "commit" : "bf010e99c9bc48002f6bfa1ad801a59bf996270f"
    , "component" : "kernel/common"
    }
  , "redhatbug-1202855" : {
      "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202855"
    }
  , "openwall-2015-06-06-2" : {
      "url" : "http://www.openwall.com/lists/oss-security/2015/06/06/2"
    }
  },
  "Surface": ["local", "app"],
  "Vector": ["memory-corruption"],
  "Target": ["kernel"],
  "Channel": ["app-execution"],
  "Condition": ["affected-app-installed"],
  "Privilege": ["kernel"]
}