CVE-2015-3331

 

Published at: - 27-05-2015 12:59

Last modified: - 19-01-2023 05:06

Total changes: - 3

Description

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3
• https://bugzilla.redhat.com/show_bug.cgi?id=1213322
• https://github.com/torvalds/linux/commit/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
• [oss-security] 20150414 Buffer overruns in Linux kernel RFC4106 implementation using AESNI-Mailing List
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
• 1032416-Third Party Advisory, VDB Entry
• DSA-3237-Third Party Advisory
• RHSA-2015:1199-Third Party Advisory
• USN-2631-1-Third Party Advisory
• USN-2632-1-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• SUSE-SU-2015:1478-Issue Tracking, Third Party Advisory
• SUSE-SU-2015:1491-Issue Tracking, Third Party Advisory
• SUSE-SU-2015:1489-Issue Tracking, Third Party Advisory
• SUSE-SU-2015:1488-Issue Tracking, Third Party Advisory
• SUSE-SU-2015:1487-Issue Tracking, Third Party Advisory
• RHSA-2015:1081-Third Party Advisory

 

Keywords

NVD

 

CVE-2015-3331

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures