Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-4081

Опубликовано: 20 окт. 2011
Источник: redhat
CVSS2: 4.9

Описание

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

Отчет

This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, and 5 as they did not include support for the GHASH message digest algorithm. This has been addressed in Red Hat Enterprise Linux 6, and MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=749475kernel: crypto: ghash: null pointer deref if no key is set

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-4081

CVSS3: 5.5
ubuntu
около 13 лет назад

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

nvd логотип

CVE-2011-4081

CVSS3: 5.5
nvd
около 13 лет назад

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

debian логотип

CVE-2011-4081

CVSS3: 5.5
debian
около 13 лет назад

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...

github логотип

GHSA-v6mx-fmfw-p682

CVSS3: 5.5
github
около 3 лет назад

crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.

oracle-oval логотип

ELSA-2012-2003

oracle-oval
больше 13 лет назад

ELSA-2012-2003: Unbreakable Enterprise kernel security and bug fix update (IMPORTANT)

4.9 Medium

CVSS2