** Description changed: - [Buffer overruns in Linux kernel RFC4106 implementation using AESNI] + The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni- + intel_glue.c in the Linux kernel before 3.19.3 does not properly + determine the memory locations used for encrypted data, which allows + context-dependent attackers to cause a denial of service (buffer + overflow and system crash) or possibly execute arbitrary code by + triggering a crypto API call, as demonstrated by use of a libkcapi test + program with an AF_ALG(aead) socket. Break-Fix: 0bd82f5f6355775fbaf7d3c664432ce1b862be1e ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1447367 Title: CVE-2015-3331 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1447367/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
