104 matches found
Denial Of Service
Linux kernel is vulnerable to denial of service attacks. A user could exploit this flaw using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5 causing denial of service conditions. Affected is the file crypto/mcryptd.c...
USN-3930-2: Linux kernel (HWE) vulnerabilities
USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sou...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1232)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local...
SUSE-SU-2018:0597-1 Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
This update for the Linux Kernel 4.4.82-66 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...
SUSE-SU-2018:0579-1 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2)
This update for the Linux Kernel 4.4.74-9238 fixes several issues. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...
SUSE-SU-2018:0574-1 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)
This update for the Linux Kernel 4.4.59-9220 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...
SUSE-SU-2018:0577-1 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)
This update for the Linux Kernel 4.4.59-9224 fixes one issue. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt...
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified othe...
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AFALG-based AEAD interface CONFIGCRYPTOUSERAPIAEAD and pcrypt CONFIGCRYPTOPCRYPT to cause a denial of service kfree of an incorrect pointer or possibly have unspecified other...
CVE-2017-17805
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AFALG-based skcipher interface CONFIGCRYPTOUSERAPISKCIPHER to cause a denial of service uninitialized-memory free and kernel crash or have...
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...
CVE-2016-10147
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...
CVE-2015-8970
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...
Null pointer dereference
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...
CVE-2015-8970
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...
CVE-2015-8970
CVE-2015-8970 affects the Linux kernel prior to 4.4.2. The vulnerability is in crypto/algif_skcipher.c where a setkey operation on an AF_ALG socket may not be verified before an accept system call is processed, allowing a local attacker to trigger a NULL pointer dereference and system crash via a...