CVE-2015-8830
kernel: AIO write triggers integer overflow in some protocols
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
Desbordamiento de entero en la función aio_setup_single_vector en fs/aio.c en el kernel de Linux 4.0 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un iovec AIO grande. NOTA: esta vulnerabilidad existe debido a una regresión de CVE-2012-6701.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-03-02 CVE Reserved
- 2016-03-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4f4b82694fe48b02f7a881a1797131a6dad1364 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2016/03/02/9 | Mailing List |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.0 Search vendor "Linux" for product "Linux Kernel" and version "4.0" | - |
Affected
|