Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2015-3331
Description:The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni- intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
Test IDs: 1.3.6.1.4.1.25623.1.0.871363   1.3.6.1.4.1.25623.1.0.882184   1.3.6.1.4.1.25623.1.0.123122  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-3331
Debian Security Information: DSA-3237 (Google Search)
http://www.debian.org/security/2015/dsa-3237
http://www.openwall.com/lists/oss-security/2015/04/14/16
RedHat Security Advisories: RHSA-2015:1081
http://rhn.redhat.com/errata/RHSA-2015-1081.html
RedHat Security Advisories: RHSA-2015:1199
http://rhn.redhat.com/errata/RHSA-2015-1199.html
http://www.securitytracker.com/id/1032416
SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1487 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
SuSE Security Announcement: SUSE-SU-2015:1488 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
SuSE Security Announcement: SUSE-SU-2015:1489 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
SuSE Security Announcement: SUSE-SU-2015:1491 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
http://www.ubuntu.com/usn/USN-2631-1
http://www.ubuntu.com/usn/USN-2632-1




© 1998-2021 E-Soft Inc. All rights reserved.