UBUNTU-CVE-2015-3331
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 21 Apr 2015, 00:00
Last modified:22 Apr 2026, 10:08
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Apr 2015, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:08
Last Modified
Vulnerability information updated
Description
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
Affected Systems
- ubuntu•linux
< 3.13.0-53.88
- ubuntu•linux-lts-utopic
< 3.16.0-38.52~14.04.1
References (10)
- https://ubuntu.com/security/CVE-2015-3331
- http://www.openwall.com/lists/oss-security/2015/04/14/16
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e
- https://ubuntu.com/security/notices/USN-2613-1
- https://ubuntu.com/security/notices/USN-2614-1
- https://ubuntu.com/security/notices/USN-2615-1
- https://ubuntu.com/security/notices/USN-2616-1
- https://ubuntu.com/security/notices/USN-2631-1
- https://ubuntu.com/security/notices/USN-2632-1
- https://www.cve.org/CVERecord?id=CVE-2015-3331