Description
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.
References (10)
Core References
Various Sources x_refsource_misc
http://grsecurity.net/~spender/viro.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73286
Patch x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3
Various Sources x_refsource_misc
http://twitter.com/grsecurity/statuses/579050211605102592
Various Sources x_refsource_misc
http://twitter.com/grsecurity/statuses/579060953477701632
Various Sources x_refsource_misc
http://twitter.com/grsecurity/statuses/579075689439059968
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/23/14
Patch x_refsource_confirm
https://github.com/torvalds/linux/commit/4de930efc23b92ddf88ce91c405ee645fe6e27ea
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1205242
Scores
CVSS v3: 7.8
EPSS: 0.0004
EPSS Percentile: 13.0%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-264
Status: published
Products (3)
linux/linux_kernel 3.19
linux/linux_kernel 3.19.1
linux/linux_kernel 3.19.2
Published: May 02, 2016
Tracked Since: Feb 18, 2026