// For flags

CVE-2015-3331

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

La función __driver_rfc4106_decrypt en arch/x86/crypto/aesni-intel_glue.c en el kernel de Linux anterior a 3.19.3 no determina correctamente las localizaciones de memoria utilizadas para datos cifrados, Lo que permite a atacantes dependientes de contexto causar una denegación de servicio (desbordamiento de buffer y caída de sistema) o posiblemente ejecutar código arbitrario mediante la provocación de una llamada de API Crypto, tal y como fue demostrado por el uso de un programa de pruebas de libkcapi con un socket AF_ALG(aead).

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-17 CVE Reserved
  • 2015-04-27 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (18)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 3.2.69
Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.69"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.3 < 3.4.108
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.108"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.5 < 3.10.73
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.73"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.12 < 3.12.40
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 3.12.40"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.13 < 3.14.37
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.37"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.15 < 3.16.35
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.17 < 3.18.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.11"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.19 < 3.19.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 3.19.3"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected