CVE-2015-3331

Updated: 2023-12-06

CWE: Buffer Errors

Description:

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

CVSS3:

Vendor State

OS	Vendor version	Errata
RHEL 6	2.6.32-504.23.4.el6	RHSA-2015:1081
RHEL 7	3.10.0-229.4.2.el7	RHSA-2015:0987
Ubuntu 14.04	3.13.0-53.88	USN-2614-1
Ubuntu 14.04 ESM	3.13.0-53.88	USN-2614-1
CentOS 7	3.10.0-229.4.2.el7	CESA-2015:0987
CentOS 6	2.6.32-504.23.4.el6	CESA-2015:1081
CentOS 7 plus	3.10.0-229.4.2.el7.centos.plus	CESA-2015:0987
CentOS 6 plus	2.6.32-504.23.4.el6.centos.plus	CESA-2015:1081
Oracle Linux 6	2.6.32-504.23.4.el6	ELSA-2015-1081
Oracle Linux 7	3.10.0-229.4.2.el7	ELSA-2015-0987
Scientific 6	2.6.32-504.23.4.el6	CESA-2015:1081

KernelCare State

OS	Original kernel version	State
RHEL 6	2.6.32-431.23.3.el6 show all hide all 2.6.32-431.3.1.el6 2.6.32-431.5.1.el6 2.6.32-431.el6 2.6.32-504.1.3.el6 2.6.32-504.16.2.el6 2.6.32-504.el6 2.6.32-431.1.2.el6 2.6.32-431.11.2.el6 2.6.32-431.17.1.el6 2.6.32-431.20.3.el6 2.6.32-431.20.5.el6 2.6.32-431.29.2.el6 2.6.32-504.12.2.el6 2.6.32-504.3.3.el6 2.6.32-504.8.1.el6	Released
RHEL 7	3.10.0-123.8.1.el7 show all hide all 3.10.0-123.13.1.el7 3.10.0-229.el7 3.10.0-123.13.2.el7 3.10.0-123.6.3.el7 3.10.0-123.20.1.el7 3.10.0-123.4.2.el7 3.10.0-123.1.2.el7 3.10.0-123.9.2.el7 3.10.0-123.9.3.el7 3.10.0-123.el7 3.10.0-123.4.4.el7 3.10.0-229.1.2.el7	Released
Ubuntu 14.04	3.13.0-39.66 show all hide all 3.13.0-37.64 3.13.0-49.83 3.13.0-41.70 3.13.0-36.63 3.13.0-44.73 3.13.0-49.81 3.13.0-46.75 3.13.0-40.69 3.13.0-33.58 3.13.0-43.72 3.13.0-51.84 3.13.0-38.65 3.13.0-40.68 3.13.0-45.74 3.13.0-46.76 3.13.0-46.77 3.13.0-52.86 3.13.0-32.57 3.13.0-46.79 3.13.0-34.60 3.13.0-35.62 3.13.0-48.80 3.13.0-52.85	Released
Ubuntu 14.04 ESM		Ready For Release
CentOS 7	3.10.0-229.el7 show all hide all 3.10.0-123.1.2.el7 3.10.0-123.4.2.el7 3.10.0-123.6.3.el7 3.10.0-123.13.1.el7 3.10.0-123.8.1.el7 3.10.0-123.9.2.el7 3.10.0-123.13.2.el7 3.10.0-123.9.3.el7 3.10.0-123.el7 3.10.0-229.1.2.el7 3.10.0-123.4.4.el7 3.10.0-123.20.1.el7	Released
CentOS 6	2.6.32-431.11.2.el6 show all hide all 2.6.32-504.8.1.el6 2.6.32-504.3.3.el6 2.6.32-504.1.3.el6 2.6.32-431.el6 2.6.32-431.23.3.el6 2.6.32-431.5.1.el6 2.6.32-504.12.2.el6 2.6.32-431.20.5.el6 2.6.32-504.el6 2.6.32-431.20.3.el6 2.6.32-431.3.1.el6 2.6.32-431.1.2.0.1.el6 2.6.32-431.17.1.el6 2.6.32-504.16.2.el6 2.6.32-431.29.2.el6	Released
CentOS 7 plus	3.10.0-123.13.2.el7.centos.plus show all hide all 3.10.0-123.8.1.el7.centos.plus 3.10.0-123.6.3.el7.centos.plus 3.10.0-123.4.4.el7.centos.plus 3.10.0-123.9.2.el7.centos.plus 3.10.0-229.el7.centos.plus 3.10.0-123.20.1.el7.centos.plus 3.10.0-123.13.1.el7.centos.plus 3.10.0-229.1.2.el7.centos.plus 3.10.0-123.9.3.el7.centos.plus 3.10.0-123.el7.centos.plus 3.10.0-123.1.2.el7.centos.plus 3.10.0-123.4.2.el7.centos.plus	Released
CentOS 6 plus	2.6.32-431.1.2.el6.centos.plus show all hide all 2.6.32-431.5.1.el6.centos.plus 2.6.32-504.3.3.el6.centos.plus 2.6.32-504.16.2.el6.centos.plus 2.6.32-504.1.3.el6.centos.plus 2.6.32-504.12.2.el6.centos.plus 2.6.32-504.8.1.el6.centos.plus 2.6.32-431.20.3.el6.centos.plus 2.6.32-431.17.1.el6.centos.plus 2.6.32-431.11.2.el6.centos.plus 2.6.32-431.el6.centos.plus 2.6.32-431.20.5.el6.centos.plus 2.6.32-504.el6.centos.plus 2.6.32-431.29.2.el6.centos.plus 2.6.32-431.23.3.el6.centos.plus 2.6.32-431.3.1.el6.centos.plus 2.6.32-431.20.3.0.1.el6.centos.plus	Released
Oracle Linux 6	2.6.32-504.3.3.el6 show all hide all 2.6.32-504.16.2.el6 2.6.32-431.20.5.el6 2.6.32-431.29.2.el6 2.6.32-431.1.2.el6 2.6.32-431.el6 2.6.32-504.el6 2.6.32-431.17.1.el6 2.6.32-431.23.3.el6 2.6.32-431.11.2.el6 2.6.32-431.3.1.el6 2.6.32-504.8.1.el6 2.6.32-504.1.3.el6 2.6.32-431.20.3.el6 2.6.32-431.5.1.el6 2.6.32-504.12.2.el6	Released
Oracle Linux 7	3.10.0-123.9.3.el7 show all hide all 3.10.0-229.1.2.el7 3.10.0-123.20.1.el7 3.10.0-123.13.1.el7 3.10.0-123.13.2.el7 3.10.0-123.4.4.el7 3.10.0-229.el7 3.10.0-123.6.3.el7 3.10.0-123.4.2.el7 3.10.0-123.el7 3.10.0-123.8.1.el7 3.10.0-123.9.2.el7 3.10.0-123.1.2.el7	Released
CloudLinux OS 7	3.10.0-223.1.2.lve1.3.22.el7 show all hide all 3.10.0-223.1.2.lve1.3.33.3.el7 3.10.0-223.1.2.lve1.3.33.el7 3.10.0-233.1.2.lve1.3.33.1.el7 3.10.0-233.1.2.lve1.3.33.4.el7	Released
CloudLinux OS 6	2.6.32-531.1.2.lve1.2.54.el6 show all hide all 2.6.32-531.11.2.lve1.2.55.el6 2.6.32-531.17.1.lve1.2.56.el6 2.6.32-531.17.1.lve1.2.57.el6 2.6.32-531.17.1.lve1.2.58.el6 2.6.32-531.17.1.lve1.2.60.el6 2.6.32-531.23.3.lve1.2.65.el6 2.6.32-531.23.3.lve1.2.66.el6 2.6.32-531.23.3.lve1.3.6.el6 2.6.32-531.29.2.lve1.3.11.1.el6 2.6.32-531.29.2.lve1.3.11.10.el6	Released
OpenVZ 6	2.6.32-042stab085.17 show all hide all 2.6.32-042stab085.20 2.6.32-042stab088.4 2.6.32-042stab090.2 2.6.32-042stab090.3 2.6.32-042stab090.4 2.6.32-042stab090.5 2.6.32-042stab092.1 2.6.32-042stab092.2 2.6.32-042stab092.3 2.6.32-042stab093.4 2.6.32-042stab093.5 2.6.32-042stab094.7 2.6.32-042stab094.8 2.6.32-042stab102.9 2.6.32-042stab103.6 2.6.32-042stab104.1 2.6.32-042stab105.14 2.6.32-042stab106.4 2.6.32-042stab106.6 2.6.32-042stab108.1 2.6.32-042stab108.2	Released
Scientific 6	2.6.32-431.20.3.el6 show all hide all 2.6.32-504.el6 2.6.32-431.1.2.el6 2.6.32-504.3.3.el6 2.6.32-431.20.5.el6 2.6.32-504.12.2.el6 2.6.32-431.11.2.el6 2.6.32-504.16.2.el6 2.6.32-431.el6 2.6.32-431.29.2.el6 2.6.32-504.8.1.el6 2.6.32-431.3.1.el6 2.6.32-431.23.3.el6 2.6.32-431.5.1.el6 2.6.32-504.1.3.el6 2.6.32-431.17.1.el6	Released
OEL 6 Dell		Ready For Release
OEL 7 Dell		Ready For Release
Endurance 7 eig 3.10		Ready For Release
Debian 10 cloud		Will Not Fix
Debian 9 backports		Will Not Fix