Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-8970

Опубликовано: 28 нояб. 2016
Источник: nvd
CVSS3: 5.5
CVSS2: 4.9
EPSS Низкий

Описание

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 4.4.1 (включая)

EPSS

Процентиль: 11%
0.00038
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2015-8970

CVSS3: 5.5
ubuntu
больше 8 лет назад

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.

redhat логотип

CVE-2015-8970

CVSS3: 5.5
redhat
больше 9 лет назад

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.

debian логотип

CVE-2015-8970

CVSS3: 5.5
debian
больше 8 лет назад

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not veri ...

github логотип

GHSA-552p-pmcq-pm57

CVSS3: 5.5
github
около 3 лет назад

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.

suse-cvrf логотип

SUSE-SU-2017:1301-1

suse-cvrf
около 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 11%
0.00038
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-476