NVD

Id
25188  
Name
CVE-2015-3331  
Description
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2015-05-27  
Modified Date
2016-12-21  
Seq
2015-3331  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
133254 25188 CVE-2015-3331 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a  View
133255 25188 CVE-2015-3331 SUSE-SU-2015:1478  View
133256 25188 CVE-2015-3331 SUSE-SU-2015:1487  View
133257 25188 CVE-2015-3331 SUSE-SU-2015:1488  View
133258 25188 CVE-2015-3331 SUSE-SU-2015:1489  View
133259 25188 CVE-2015-3331 SUSE-SU-2015:1491  View
133260 25188 CVE-2015-3331 RHSA-2015:1199  View
133261 25188 CVE-2015-3331 DSA-3237  View
133262 25188 CVE-2015-3331 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3  View
133263 25188 CVE-2015-3331 [oss-security] 20150414 Buffer overruns in Linux kernel RFC4106 implementation using AESNI  View
133264 25188 CVE-2015-3331 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html  View
133265 25188 CVE-2015-3331 1032416  View
133266 25188 CVE-2015-3331 USN-2631-1  View
133267 25188 CVE-2015-3331 USN-2632-1  View
133268 25188 CVE-2015-3331 https://bugzilla.redhat.com/show_bug.cgi?id=1213322  View
133269 25188 CVE-2015-3331 https://github.com/torvalds/linux/commit/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7518 JVNDB-2015-002838 Linux Kernel の arch/x86/crypto/aesni-intel_glue.c 内の __driver_rfc4106_decrypt 関数におけるサービス運用妨害 (DoS) の脆弱性 Linux Kernel の arch/x86/crypto/aesni-intel_glue.c 内の __driver_rfc4106_decrypt 関数は、暗号化されたデータに使用されるメモリ領域を適切に判定しないため、サービス運用妨害 (バッファオーバーフローおよびシステムクラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。 CVE-2015-3331 80556 CVE-2015-3331 25188 9.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002838.html 2015-03-26 2015-09-03 View