// For flags

CVE-2015-3331

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

La función __driver_rfc4106_decrypt en arch/x86/crypto/aesni-intel_glue.c en el kernel de Linux anterior a 3.19.3 no determina correctamente las localizaciones de memoria utilizadas para datos cifrados, Lo que permite a atacantes dependientes de contexto causar una denegación de servicio (desbordamiento de buffer y caída de sistema) o posiblemente ejecutar código arbitrario mediante la provocación de una llamada de API Crypto, tal y como fue demostrado por el uso de un programa de pruebas de libkcapi con un socket AF_ALG(aead).

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-17 CVE Reserved
  • 2015-04-27 CVE Published
  • 2024-05-03 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (18)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/04/14/16 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory
http://www.securitytracker.com/id/1032416 Third Party Advisory
https://github.com/torvalds/linux/commit/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1081.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1199.html 2023-11-07
http://www.debian.org/security/2015/dsa-3237 2023-11-07
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3 2023-11-07
http://www.ubuntu.com/usn/USN-2631-1 2023-11-07
http://www.ubuntu.com/usn/USN-2632-1 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1213322 2015-06-30
https://access.redhat.com/security/cve/CVE-2015-3331 2015-06-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 3.2.69
Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.69"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.3 < 3.4.108
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.108"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.5 < 3.10.73
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.73"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.12 < 3.12.40
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.12 < 3.12.40"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.13 < 3.14.37
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.15 < 3.16.35
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.17 < 3.18.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.11"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.19 < 3.19.3
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 3.19.3"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected