CVE-2015-3331 in Linuxinformazioni

Riassunto

di MITRE • 25/01/2023

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!