Resolution for CVE-2015-1805, pipe: iovec overrun leading to memory corruption

Solution Verified - Updated -

Issue

  • pipe: iovec overrun leading to memory corruption
  • What is CVE-2015-1805?
  • System may panic with the following messages:
splunkd[25427] general protection ip:7ff1015e4421 sp:7ff1003f7700 error:0 in libjemalloc.so.1[7ff1015d5000+33000]
RIP  [<ffffffff8116f0d4>] s_show+0xe4/0x330
RIP: 0010:[<ffffffff8128f028>]  [<ffffffff8128f028>] memset+0x8/0xc0
RIP: 0010:[<ffffffff81167274>]  [<ffffffff81167274>] cache_alloc_refill+0x1e4/0x240
RIP: 0010:[<ffffffff8117023b>]  [<ffffffff8117023b>] kmem_cache_free+0x7b/0x2b0
list_del corruption. next->prev should be ffff880476113000, but was ffff880476112569
WARNING: at lib/list_debug.c:51 list_del+0x8d/0xa0() (Not tainted)
BUG: unable to handle kernel NULL pointer dereference at (null)
general protection fault: 0000 [#1] SMP 
kernel BUG at mm/slab.c:3069!
invalid opcode: 0000 [#1] SMP 

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise MRG v2
  • Transparent Huge Pages (THP) enabled + NUMA environment
  • splunkd / splunk-optimize
