Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux kernel 缓冲区错误漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。 Linux kernel 4.14.8之前的版本中的HMAC实现存在缓冲区溢出漏洞。本地攻击者可通过执行一系列特制的系统调用利用该漏洞执行代码或造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A