crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 3.15 (including) | 3.16.44 (excluding) |
Linux_kernel | Linux | 3.17 (including) | 3.18.50 (excluding) |
Linux_kernel | Linux | 3.19 (including) | 4.1.40 (excluding) |
Linux_kernel | Linux | 4.2 (including) | 4.4.63 (excluding) |
Linux_kernel | Linux | 4.5 (including) | 4.9.24 (excluding) |
Linux_kernel | Linux | 4.10 (including) | 4.10.12 (excluding) |