Resolution for CVE-2015-1805, pipe: iovec overrun leading to memory corruption


Issue

  • pipe: iovec overrun leading to memory corruption
  • What is CVE-2015-1805?
  • System may panic with the following messages:

      splunkd[25427] general protection ip:7ff1015e4421 sp:7ff1003f7700 error:0 in libjemalloc.so.1[7ff1015d5000+33000]
      RIP  [<ffffffff8116f0d4>] s_show+0xe4/0x330
      RIP: 0010:[<ffffffff8128f028>]  [<ffffffff8128f028>] memset+0x8/0xc0
      RIP: 0010:[<ffffffff81167274>]  [<ffffffff81167274>] cache_alloc_refill+0x1e4/0x240
      RIP: 0010:[<ffffffff8117023b>]  [<ffffffff8117023b>] kmem_cache_free+0x7b/0x2b0
      list_del corruption. next->prev should be ffff880476113000, but was ffff880476112569
      WARNING: at lib/list_debug.c:51 list_del+0x8d/0xa0() (Not tainted)
      BUG: unable to handle kernel NULL pointer dereference at (null)
      general protection fault: 0000 [#1] SMP
      kernel BUG at mm/slab.c:3069!
      invalid opcode: 0000 [#1] SMP

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise MRG v2
  • Transparent Huge Pages (THP) enabled + NUMA environment
  • splunkd / splunk-optimize
