CVE-2015-3331
Published: 2015-05-27
Priority: P349 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 10.11% (95.1th percentile)
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 3.16.7-ckt9-3 (bookworm) | linux 3.16.7-ckt9-3 (bookworm) |
| linux | linux_kernel | < 3.2.69 | 3.2.69 |
| linux | linux_kernel | >= 0 < 3.16.7-ckt9-3 | 3.16.7-ckt9-3 |
| linux | linux_kernel | >= 0 < 3.13.0-53.88 | 3.13.0-53.88 |
| linux | linux_kernel | >= 3.12 < 3.12.40 | 3.12.40 |
| linux | linux_kernel | >= 3.13 < 3.14.37 | 3.14.37 |
| linux | linux_kernel | >= 3.15 < 3.16.35 | 3.16.35 |
| linux | linux_kernel | >= 3.17 < 3.18.11 | 3.18.11 |
| linux | linux_kernel | >= 3.19 < 3.19.3 | 3.19.3 |
| linux | linux_kernel | >= 3.3 < 3.4.108 | 3.4.108 |
| linux | linux_kernel | >= 3.5 < 3.10.73 | 3.10.73 |
CVSS provenance

| Source | CVSS | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |
| vendor_ubuntu | — | 6.9 | MEDIUM | — |
GHSA
GHSA-px59-358h-xw3q (ghsa_unreviewed · 2022-05-14 · HIGH · CWE-119): The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data (same description as the NVD entry above).
OSV
CVE-2015-3331 (osv · 2015-05-27 · CVSS 9.3 · CRITICAL): The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data (same description as the NVD entry above).
OSV
linux vulnerabilities (osv · 2015-05-20 · CVSS 4.9 · CVE-2014-9715 [MEDIUM])
Vincent Tondellier discovered an integer overflow in the Linux kernel's
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potentially exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80 entry
on 64 bit kernels with 32 bit emulation support. An unprivileged local
attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)
A
OSV
linux-lts-utopic vulnerabilities (osv · 2015-05-20 · CVSS 6.9 · CVE-2014-9710 [MEDIUM])
Alexandre Oliva reported a race condition flaw in the btrfs file system's
handling of extended attributes (xattrs). A local attacker could exploit
this flaw to bypass ACLs and potentially escalate privileges.
(CVE-2014-9710)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel-based machines with an AES-GCM mode IPsec security
association. (CVE-2015-3331)
A flaw was discovered in the Linux kernel's IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2015-3332)
Ubuntu
Linux kernel vulnerabilities (vendor_ubuntu · 2015-06-10 · CVSS 4.9 · CVE-2015-2150 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
p
Ubuntu
Linux kernel (OMAP4) vulnerabilities (vendor_ubuntu · 2015-06-10 · CVSS 4.9 · CVE-2015-2150 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially es
Ubuntu
Linux kernel vulnerabilities (vendor_ubuntu · 2015-05-20 · CVSS 4.9 · CVE-2014-9715 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Vincent Tondellier discovered an integer overflow in the Linux kernel's
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potentially exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80 entry
on 64 bit kernels with 32 bit emulation support. An unprivileged local
attacker could exploi
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities (vendor_ubuntu · 2015-05-20 · CVSS 4.9 · CVE-2014-9715 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Vincent Tondellier discovered an integer overflow in the Linux kernel's
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potentially exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker
Ubuntu
Linux kernel vulnerabilities (vendor_ubuntu · 2015-05-20 · CVSS 6.9 · CVE-2014-9710 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Alexandre Oliva reported a race condition flaw in the btrfs file system's
handling of extended attributes (xattrs). A local attacker could exploit
this flaw to bypass ACLs and potentially escalate privileges.
(CVE-2014-9710)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel-based machines with an AES-GCM mode IPsec security
association. (CVE-2015-3331)
A flaw was discovered in the Linux kernel's IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exploit this fla
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities (vendor_ubuntu · 2015-05-20 · CVSS 6.9 · CVE-2014-9710 [MEDIUM])
Summary: Several security issues were fixed in the kernel.
Alexandre Oliva reported a race condition flaw in the btrfs file system's
handling of extended attributes (xattrs). A local attacker could exploit
this flaw to bypass ACLs and potentially escalate privileges.
(CVE-2014-9710)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
privileges on Intel-based machines with an AES-GCM mode IPsec security
association. (CVE-2015-3331)
A flaw was discovered in the Linux kernel's IPv4 networking when using TCP
fast open to initiate a connection. An unprivileged local user could
exp
Red Hat
Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI (vendor_redhat · 2015-03-12 · CVSS 9.3 · CVE-2015-3331 [CRITICAL] · CWE-120)
NVD description: as in the entry above.
A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a
Debian
CVE-2015-3331: linux (vendor_debian · 2015 · CVSS 9.3 · CVE-2015-3331 [CRITICAL])
NVD description: as in the entry above.
Scope: local
bookworm: resolved (fixed in 3.16.7-ckt9-3)
bullseye: resolved (fixed in 3.16.7-ckt9-3)
forky: resolved (fixed in 3.16.7-ckt9-3)
sid: resolved (fixed in 3.16.7-ckt9-3)
trixie: resolved (fixed in 3.16.7-ckt9-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI [fedora-all] (bugzilla · 2015-04-20 · CVSS 9.3 · CVE-2015-3331 [CRITICAL])
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI (bugzilla · 2015-04-20 · CVSS 9.3 · CVE-2015-3331 [CRITICAL])
A Linux kernel built with Intel AES-NI instruction support for the AES algorithm
(CONFIG_CRYPTO_AES_NI_INTEL) is vulnerable to a memory corruption issue. It could occur when using the Intel AES-NI instructions to decrypt fragmented network packets.
An unprivileged remote user could use this flaw to crash the system (denial of service) or, potentially, escalate their privileges on a system over a connection with an active AES-GCM mode IPsec security association.
Upstream fix:
-> https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
Reference:
-> http://www.openwall.com/lists/oss-security/2015/04/18/1
-> https://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instruction
References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2015-1081.html
- http://rhn.redhat.com/errata/RHSA-2015-1199.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3
- http://www.openwall.com/lists/oss-security/2015/04/14/16
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securitytracker.com/id/1032416
- http://www.ubuntu.com/usn/USN-2631-1
- http://www.ubuntu.com/usn/USN-2632-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1213322
- https://github.com/torvalds/linux/commit/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a