Lucene search

K
cvelistRedhatCVELIST:CVE-2015-8970
HistoryNov 28, 2016 - 3:01 a.m.

CVE-2015-8970

2016-11-2803:01:00
redhat
www.cve.org
8

AI Score

5.6

Confidence

High

EPSS

0

Percentile

5.1%

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.

AI Score

5.6

Confidence

High

EPSS

0

Percentile

5.1%