Description
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
Third Party Advisory x_refsource_misc
http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97534
Scores
CVSS v3
7.5
EPSS
0.0079
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (1)
linux/linux_kernel
3.15 - 3.16.44
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026