[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2015-523 --- kernel perf

ID: oval:org.secpod.oval:def:1200008Date: (C)2015-12-29   (M)2024-02-19
Class: PATCHFamily: unix




A buffer overflow flaw was found in the way the Linux kernel"s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association. It was found that the Linux kernel"s ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2015-523
CVE-2015-3331
CVE-2015-3636
CVE    2
CVE-2015-3331
CVE-2015-3636
CPE    5
cpe:/o:amazon:linux
cpe:/o:linux:linux_kernel
cpe:/a:perf:perf
cpe:/o:linux:linux_kernel:4.0.2
...

© SecPod Technologies