The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Denial Of Service
RCE
Linux
Buffer Overflow
Linux Kernel
+2
NVD
GitHub
CVSS 2.0
9.3
EPSS
4.1%