Buffer Overflow Vulnerability in Linux Kernel's AESNI-Intel Driver

Buffer Overflow Vulnerability in Linux Kernel's AESNI-Intel Driver

CVE-2015-3331 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.