exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

CVE-2015-3331

Status Candidate

Overview

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

Related Files

Red Hat Security Advisory 2015-1199-01
Posted Jul 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1199-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2015-1805, CVE-2015-3331
MD5 | 491f98a8a0d5442cd077185b1ea0443c
Ubuntu Security Notice USN-2632-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2632-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
MD5 | 082ba2b887c6e0e23381acdc6a9d54fc
Ubuntu Security Notice USN-2631-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2631-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
MD5 | d8b7b69612ee9fb1d4df8c4cbf76f90e
Red Hat Security Advisory 2015-1081-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1081-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9419, CVE-2014-9420, CVE-2014-9585, CVE-2015-1805, CVE-2015-3331
MD5 | 0e7d7a1064820b41a23e837f63b09bc2
Ubuntu Security Notice USN-2616-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-9710, CVE-2015-3331, CVE-2015-3332
MD5 | b7a57d122b1969632efca942f390ac2d
Ubuntu Security Notice USN-2615-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2615-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-9710, CVE-2015-3331, CVE-2015-3332
MD5 | d99ecd759400d48396ec2d7e03ae2273
Ubuntu Security Notice USN-2613-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2613-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715, CVE-2015-2150, CVE-2015-2830, CVE-2015-3331
MD5 | 214b40cc8343400a3681fa170a4f9165
Ubuntu Security Notice USN-2614-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2614-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715, CVE-2015-2150, CVE-2015-2830, CVE-2015-3331
MD5 | 75247bc7dffeb9b3b500a0b34f89d634
Red Hat Security Advisory 2015-0981-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0981-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association. The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which provides a number of bug fixes and enhancements over the previous version, including:

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2015-3331
MD5 | 61aa399463d062c7cb475a902735a151
Red Hat Security Advisory 2015-0989-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0989-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5, which is layered on Red Hat Enterprise Linux 6. The kernel-rt sources have been updated to include fixes for the following issues:

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2015-3331
MD5 | 0f07bcd9853e774b8e740a8081c1ad36
Red Hat Security Advisory 2015-0987-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0987-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association.

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2015-3331
MD5 | 06ef2ae8d8d92c9bde1c217a49ff0d11
Debian Security Advisory 3237-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339
MD5 | 3353c955b704e481b75f84524768c42c
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close