Denial of Service and Privilege Escalation in Linux Kernel's pcrypt.c

Denial of Service and Privilege Escalation in Linux Kernel's pcrypt.c

CVE-2017-18075 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.