CVE-2015-3331
CVSS v2.0
9.3 (High)
EPSS
0.23 % (62th)
Affected Products
3
Advisories
25
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
Weaknesses
- CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2015-05-27 10:59:07
(9 years ago) - Updated Date
-
2023-11-07 02:25:36
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...