Lucene search
K

104 matches found

Veracode
Veracode
added 2019/05/02 6:36 a.m.30 views

Denial Of Service

Linux kernel is vulnerable to denial of service attacks. A user could exploit this flaw using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5 causing denial of service conditions. Affected is the file crypto/mcryptd.c...

5.5CVSS5.9AI score0.00434EPSS
Exploits0References47Affected Software2
Ubuntu
Ubuntu
added 2019/04/02 6:36 p.m.98 views

USN-3930-2: Linux kernel (HWE) vulnerabilities

USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sou...

8.1CVSS6.9AI score0.16523EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2018/09/18 12:0 a.m.263 views

EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1232)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local...

7.8CVSS6.8AI score0.00561EPSS
Exploits0References4
OSV
OSV
added 2018/03/02 5:59 p.m.4 views

SUSE-SU-2018:0597-1 Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)

This update for the Linux Kernel 4.4.82-66 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 4:49 p.m.6 views

SUSE-SU-2018:0579-1 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2)

This update for the Linux Kernel 4.4.74-9238 fixes several issues. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2018/03/01 4:28 p.m.3 views

SUSE-SU-2018:0574-1 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)

This update for the Linux Kernel 4.4.59-9220 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 4:28 p.m.4 views

SUSE-SU-2018:0577-1 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)

This update for the Linux Kernel 4.4.59-9224 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2018/01/29 5:20 a.m.31 views

CVE-2017-18075

crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified othe...

7.8CVSS4.4AI score0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/01/24 10:0 a.m.31 views

CVE-2017-18075

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...

7.6AI score0.00408EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2018/01/24 12:0 a.m.21 views

CVE-2017-18075

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...

7.8CVSS6.8AI score0.00408EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2017/12/20 11:0 p.m.51 views

CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AFALG-based skcipher interface CONFIGCRYPTOUSERAPISKCIPHER to cause a denial of service uninitialized-memory free and kernel crash or have...

7.8CVSS6.6AI score0.00428EPSS
Exploits0
OSV
OSV
added 2017/01/18 9:59 p.m.9 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.5CVSS7AI score0.00434EPSS
Exploits0References9
NVD
NVD
added 2017/01/18 9:59 p.m.19 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.5CVSS5.5AI score0.00434EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/01/18 9:0 p.m.30 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.7AI score0.00434EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2017/01/18 9:0 p.m.38 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.5CVSS6.2AI score0.00434EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/01/18 12:0 a.m.46 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.5CVSS6.8AI score0.00434EPSS
Exploits0References5
OSV
OSV
added 2016/11/28 3:59 a.m.9 views

CVE-2015-8970

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

5.5CVSS6.4AI score
Exploits0References16
Prion
Prion
added 2016/11/28 3:59 a.m.20 views

Null pointer dereference

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

4.9CVSS6.4AI score0.00504EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2016/11/28 3:59 a.m.29 views

CVE-2015-8970

crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...

5.5CVSS6.6AI score0.00504EPSS
Exploits0References4
CVE
CVE
added 2016/11/28 3:1 a.m.189 views

CVE-2015-8970

CVE-2015-8970 affects the Linux kernel prior to 4.4.2. The vulnerability is in crypto/algif_skcipher.c where a setkey operation on an AF_ALG socket may not be verified before an accept system call is processed, allowing a local attacker to trigger a NULL pointer dereference and system crash via a...

5.5CVSS5.4AI score0.00504EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder