ALAS-2015-523 --- kernel perf
ID: oval:org.secpod.oval:def:1200008 | Date: (C)2015-12-29 (M)2024-02-19 |
Class: PATCH | Family: unix |
A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association.

It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.
Platform: Amazon Linux AMI |