net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 3.4.105 (excluding) |
Linux_kernel | Linux | 3.5 (including) | 3.10.55 (excluding) |
Linux_kernel | Linux | 3.11 (including) | 3.12.29 (excluding) |
Linux_kernel | Linux | 3.13 (including) | 3.14.19 (excluding) |
Linux_kernel | Linux | 3.15 (including) | 3.16.3 (excluding) |