14 matches found
CVE-2018-25062
CVE-2018-25062 affects flar2 ElementalX up to 6.x on Nexus 9. The issue is in the ipsec component, specifically the function xfrm_dump_policy_done in net/xfrm/xfrm_user.c, whose manipulation can cause a denial of service. A fix is available: upgrade to ElementalX 7.00 (patch 1df72c9f0f61304437f4f...
CVE-2018-25062 flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service
A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation attacks. This occurs in the xfrm_replay_verify_len function in net/xfrm/xfrm_user.c. A local user with CAP_NET_ADMIN capabilities could supply specially crafted namespace data to trigger a denial of service attack and execute arbitrary code...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3308-1)
This update for the Linux Kernel 3.12.61-5266 fixes several issues. The following security issues were fixed: - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3304-1)
This update for the Linux Kernel 3.12.60-5263 fixes several issues. The following security issues were fixed: - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3307-1)
This update for the Linux Kernel 3.12.61-52101 fixes several issues. The following security issues were fixed: - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF...
Heap overflow
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMI...
Design/Logic Flaw
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2)...
Information disclosure
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability...
UBUNTU-CVE-2012-6537
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability...
CVE-2012-6536
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2)...
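Linux Kernel XFRM Array Index Overflow Vulnerability
BUGTRAQ ID: 14477 CVE(CAN) ID: CAN-2005-2456 Linux Kernel is the kernel used by the open-source operating system Linux. An array index overflow exists in the xfrm_sk_policy_insert function in the Linux Kernel's xfrm_user.c file. If a p->dir value greater than XFRM_POLICY_OUT is used as an index into the sock->sk_policy array, this vulnerability can be triggered, leading to denial of service or arbitrary code execution. Linux kernel 2.6.13-rc4 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux 9.3 S.u.S.E. Linu...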
CVE-2005-2456
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array...