cve/CVE-2014-9644.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

POC

Reference

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.ubuntu.com/usn/USN-2514-1
http://www.ubuntu.com/usn/USN-2543-1
https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2014-9644

Description

POC

Reference

Github

1.0 KiB

Raw Blame History