ELSA-2016-3648 -- Oracle kernel-uek_dtrace-modulesID: oval:org.secpod.oval:def:1501696 | Date: (C)2016-12-09 (M)2024-01-29 |
Class: PATCH | Family: unix |
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
Product: |
kernel-uek |
dtrace-modules 4.x |