Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cryptodev-linux <= 1.14 get_userbuf Use After Free LPE
Vulnerability Description
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
cryptodev-linux 资源管理错误漏洞
Vulnerability Description
cryptodev-linux是cryptodev-linux开源的一个Linux内核加密设备驱动。 cryptodev-linux 1.14及之前版本存在资源管理错误漏洞,该漏洞源于/dev/crypto设备驱动程序的get_userbuf函数存在页面引用处理缺陷,可能导致本地用户触发释放后重用条件,进而实现本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A