CVE-2015-8830

Impact: Moderate
Public Date: 2015-03-21
CWE: CWE-190
Bugzilla: 1314275: CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols

The MITRE CVE dictionary describes this issue as:

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

Find out more about CVE-2015-8830 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the related AIO vector code is not present in this product.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future Linux kernel updates for the respective releases might address this issue.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.

CVSS v2 metrics

Base Score: 4.9
Base Metrics: AV:L/AC:L/Au:N/C:N/I:N/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                           Errata          Release Date
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt)  RHSA-2018:3096  2018-10-30
Red Hat Enterprise Linux 7 (kernel)                                RHSA-2018:3083  2018-10-30
Red Hat Enterprise Linux 6 (kernel)                                RHSA-2018:1854  2018-06-19

Affected Packages State

Platform                    Package          State
Red Hat Enterprise MRG 2    realtime-kernel  Will not fix
Red Hat Enterprise Linux 5  kernel           Not affected

CVE description copyright © 2017, The MITRE Corporation